Healthcare CIO’s Brief: Healthcare IT Security—Where We Stand Today
1. The Current State: Mounting Threats and Supply Chain Risk
In the first half of 2025 alone, breaches affected more than 29 million patient records in some of the largest data compromises reported to HHS’s OCR portal. Much of this stems from hacking and IT incidents: in 2010, only 4% of breaches were due to hacking; today, that figure has surged to 81%.
Ransomware remains a constant threat: 77% of healthcare organizations were targeted in the past year, with 53% of those attacks succeeding. And the ways attackers strike keep expanding: supply-chain attacks compromised the data of more than 78 million individuals in the first half of 2025.
2. The Price Tag: Still the Most Costly Sector
Healthcare retains the unenviable title of the costliest industry for data breaches. IBM’s 2025 report places the average cost per breach at $7.42 million, down from $9.77 million last year, but still the highest across all sectors.
A breakdown of costs reveals detection and escalation ($1.47M), lost business ($1.38M), and post-breach response ($1.2M) as the main expense drivers. Notably, healthcare breaches take the longest to identify and contain—279 days on average, nearly five weeks more than the global average.