Healthcare Breaches Double as Shadow AI and Vendor Risks Proliferate
The healthcare sector experienced twice as many cybersecurity breaches in 2025 as it did the year before, according to a new report from Fortified Health Security.
Healthcare Breaches Double as Shadow AI and Vendor Risks Proliferate
The healthcare sector experienced twice as many cybersecurity breaches in 2025 as it did the year before, according to a new report from Fortified Health Security. Despite the surge in incidents, the number of exposed patient records fell sharply, suggesting attackers are increasingly targeting operations rather than large-scale data theft.
Ransomware attacks and third-party vulnerabilities were the primary drivers behind the increase in breaches. Many of these incidents disrupted care delivery and hospital operations, signaling a shift in attacker objectives.
From Headline Breaches to Constant Disruption
Fortified’s report describes a sector moving away from occasional, high-profile breaches toward a steady stream of smaller but more frequent incidents. “The industry has shifted from major, headline events to a more taxing state of constant disruption,” the report said. This ongoing pressure is straining healthcare organizations that are already stretched thin, forcing them to balance cybersecurity demands with patient care responsibilities.
Low Confidence in Defensive Capabilities
While healthcare organizations are increasingly aware of cyber risks, confidence in their ability to respond effectively remains low. On third-party risk alone, just 4% of organizations reported high confidence in the adequacy of their vendor risk assessments.
Nearly two-thirds said they were only somewhat confident, while close to 30% admitted they lacked confidence entirely a troubling figure given the sector’s heavy reliance on external vendors and service providers.
Incident Response Still a Weak Spot
Confidence levels were similarly low when it came to incident response. Only 6% of organizations said they were very confident in their ability to quickly identify, contain, and recover from a cyber incident. Fortified characterized this as “progress without full trust in speed or consistency under pressure,” noting that partial improvements have not yet translated into operational certainty during crises.
The report also highlighted workforce instability as a major challenge. Healthcare organizations often rely on experienced staff to implement and explain cybersecurity practices, but high turnover means critical knowledge frequently leaves with them.
“Programs designed around perfect staffing conditions rarely survive contact with reality,” Fortified said, urging organizations to plan for change by preserving institutional knowledge and strengthening remaining teams.
Breaking the Cycle of Repeat Incidents
Fortified called on healthcare organizations to better operationalize lessons learned from past incidents to avoid “fighting the same fires again and again.” Improved visibility into overlapping and redundant technology stacks was cited as a key area for improvement.
Resistance to cybersecurity spending remains common, the report noted, because investments are often seen as diverting resources away from patient care. “Each dollar invested in security is a dollar not spent at the bedside,” Fortified said.
Shadow AI Emerges as a Growing Risk
The rapid adoption of artificial intelligence tools is introducing new risks, particularly as employees use AI without formal approval or oversight. “The adoption of AI tools is happening faster than healthcare organizations can write policies,” the report warned.
Rather than blocking AI outright, Fortified urged organizations to improve visibility into how tools are used, monitor for large or unusual data uploads, and educate staff on safe prompting practices. To succeed, executives must treat AI governance as a core business initiative, not a side project.
