
It may come as a surprise, but recent findings reveal that significantly fewer people were affected by healthcare data breaches in the United States in 2025 compared to the previous year. This observation was shared by John Riggi, the National Advisor for Cybersecurity at the American Hospital Association (AHA). According to Riggi, despite ongoing cyber threats, the scale of reported breaches in 2025 showed a notable decline when measured against the alarming figures recorded in 2024.
Riggi arrived at this conclusion after carefully reviewing data provided by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR is responsible for tracking and documenting reported data breaches and cyberattacks targeting U.S. healthcare infrastructure. These records offer valuable insights into the evolving cybersecurity landscape within the healthcare sector.
Based on the available data, approximately 42.2 million individuals were affected by cyber incidents in 2025. While this number is still substantial, it represents a sharp decrease compared to 2024, when more than 270 million people were impacted by healthcare-related cyberattacks. In fact, the 2024 figures suggested that nearly three out of every four Americans were affected, largely due to large-scale and sophisticated incidents, including the widely reported Change Healthcare cyberattack. That single event alone contributed heavily to the unprecedented numbers seen in 2024.
However, experts caution that the lower figures reported in 2025 may not tell the complete story. Riggi himself acknowledged the possibility that some data breaches may have gone unreported or, in certain cases, may not have been detected at all. Factors such as delayed discovery, inadequate monitoring systems, or internal reporting gaps could mean that the actual number of affected individuals is higher than currently documented. These unreported incidents could add to the “long tail” of healthcare data breaches that only surface much later.
Adding to these concerns, James Scott Gee, the Deputy National Advisor at the AHA, highlighted an emerging and troubling trend observed throughout 2025. He noted that threat actors increasingly leveraged artificial intelligence tools to craft highly convincing phishing emails. These AI-generated messages often appeared legitimate and were used as an entry point for broader cyberattacks on healthcare systems.
In many cases, hackers relied on advanced social engineering techniques, impersonating customer support representatives or trusted technology vendors. By deceiving IT staff and healthcare employees, attackers were able to steal login credentials and gain unauthorized access to sensitive systems. This shift toward AI-driven deception underscores the growing complexity of cyber threats facing the healthcare sector and highlights the urgent need for improved awareness, training, and cybersecurity defenses moving forward.