July 2025 Healthcare Data Breach Report

July 2025 witnessed a significant surge in healthcare data breaches, with 43 reported incidents affecting approximately 4.37 million individuals. The month was dominated by hacking and IT incidents, which accounted for 86% of all breaches, highlighting the persistent cybersecurity challenges facing the healthcare sector.

  • Total Breaches: 43 incidents
  • Total Individuals Affected: 4,372,744
  • Average Breach Size: 101,690 individuals per incident
  • Largest Single Breach: Anne Arundel Dermatology (MD) – 1,905,000 individuals
  • Geographic Distribution: 21 states affected, with Florida leading at 7 incidents

Breach Analysis by Type

During July 2025, healthcare data breaches primarily stemmed from hacking and IT incidents, accounting for a significant majority of both the number of incidents and the individuals affected. Unauthorized access and disclosure incidents were far less common, impacting a smaller percentage of individuals.

Hacking/IT Incidents

  • Count: 37 incidents (86.0%)
  • Individuals Affected: 4,345,912 (99.4%)
  • Primary Target: Network servers (73% of hacking incidents)

Unauthorized Access/Disclosure

  • Count: 6 incidents (14.0%)
  • Individuals Affected: 26,832 (0.6%)
  • Common Locations: Email systems and network servers

Geographic Distribution

States with Multiple Incidents

  • Florida: 7 breaches (242,268 individuals)
  • Texas: 4 breaches (75,120 individuals)
  • California: 3 breaches (6,057 individuals)
  • Michigan: 2 breaches (63,603 individuals)
  • New York: 2 breaches (32,243 individuals)

Affected Entity Types

Healthcare Providers

  • Count: 34 incidents (79.1%)
  • Individuals Affected: 3,880,497

Business Associates

  • Count: 9 incidents (20.9%)
  • Individuals Affected: 492,247

Major Incidents

Largest Breaches by Individual Impact

  1. Anne Arundel Dermatology (MD) – 1,905,000 individuals 
    • Type: Hacking/IT Incident
    • Location: Network Server
  2. Radiology Associates of Richmond, Inc. (VA) – 1,419,091 individuals 
    • Type: Hacking/IT Incident
    • Location: Network Server
  3. Zumpano Patricios, P.A. (FL) – 279,275 individuals 
    • Type: Hacking/IT Incident
    • Location: Network Server
  4. Cierant Corporation (CT) – 232,506 individuals 
    • Type: Hacking/IT Incident
    • Location: Network Server
  5. Alera Group, Inc. (IL) – 155,567 individuals 
    • Type: Hacking/IT Incident
    • Location: Network Server

Attack Vector Analysis

Network Server Compromises

  • Incidents: 27 (62.8% of total)
  • Individuals Affected: 4,190,179
  • Note: Network servers remain the most attractive target for cybercriminals

Email System Breaches

  • Incidents: 13 (30.2% of total)
  • Individuals Affected: 174,597
  • Trend: Email-based attacks continue to be a significant threat vector

Other Vectors

  • Laptop compromises: 2 incidents
  • Paper/Films: 1 incident
  • Mixed locations: 1 incident

Business Associate Involvement

  • Incidents with BA Present: 11 (25.6%)
  • Incidents without BA: 32 (74.4%)
  • Notable: Business associates were involved in some of the largest breaches, including several affecting over 100,000 individuals

Industry Impact Assessment

Healthcare Providers at Risk

The data reveals that healthcare providers of all sizes remain vulnerable, from small practices (501 individuals) to large healthcare systems (1.9 million individuals). Dermatology practices, hospitals, and specialty care centers were particularly targeted.

Regional Vulnerability

Florida’s prominence in the breach statistics (7 incidents) suggests either concentrated cybercriminal activity in the region or potential systemic vulnerabilities in the state’s healthcare infrastructure.

Trends and Observations

  1. Scale of Impact: The average breach size of 101,690 individuals represents a significant increase in the scope of successful attacks. 
  2. Attack Sophistication: The dominance of network server compromises indicates attackers are successfully penetrating core IT infrastructure rather than relying on simpler attack vectors. 
  3. Persistent Threat: The consistent pattern of hacking incidents throughout July suggests ongoing, systematic targeting of healthcare organizations. 
  4. Business Associate Risk: Nearly one-quarter of incidents involved business associates, emphasizing the importance of third-party risk management.

Recommendations

Immediate Actions

  • Implement enhanced network monitoring and intrusion detection systems
  • Conduct comprehensive security assessments of all network servers
  • Review and strengthen email security protocols
  • Enhance incident response procedures

Strategic Initiatives

  • Develop robust business associate risk management programs
  • Invest in advanced threat detection and response capabilities
  • Implement zero-trust network architectures
  • Establish regular security awareness training programs

Regulatory Considerations

Conclusion

July 2025’s breach landscape demonstrates the escalating cybersecurity challenges facing the healthcare industry. With over 4.37 million individuals affected across 43 incidents, the month represents one of the most significant periods for healthcare data breaches. The predominance of network server compromises and the involvement of business associates in major incidents highlight the need for comprehensive, multi-layered security strategies and robust third-party risk management.

Healthcare organizations must prioritize cybersecurity investments and implement proactive defense measures to protect patient data and maintain operational integrity in an increasingly hostile threat environment.

Track All Regulations on One Platform

Centralize and streamline healthcare compliance management.

Global CTAs Image