Dissecting U.S. Healthcare Data Breaches (2024–2025): A Visual Deep Dive Using Power BI

As required by section 13402(e)(4) of the HITECH Act, the U.S. Department of Health and Human Services Office for Civil Rights must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The data collected from the past year reveals valuable insights into the frequency and cause of these high risk impact breaches.

Behind the Dashboard

This dashboard was built in Power BI using data from the HHS breach portal, filtered for breaches reported between June 2024 and June 2025. Each visual highlights a different aspect of the threat landscape—from total individuals affected to breach type and storage location.

The goal is simple: transform raw cybersecurity data into clear, actionable insights. Whether you’re a policy maker, IT analyst, or just someone interested in the health tech space, these trends show how urgent and persistent the threat to protected health information remains.

Protected Health Information

A breach of protected health information (PHI) refers to the unauthorized access, use, or disclosure of sensitive patient data due to the failure to encrypt or protect. This may include information such as medical records, diagnoses, and treatment histories. Under HIPAA breaches affecting 500 or more individuals must be reported to the U.S. Department of Health and Human Services (HHS) and is made publicly available. This transparency is intended to hold organizations accountable and alert the public.

The real world consequences are significant: compromised PHI can lead to medical identity theft, insurance fraud, or even denial of care. Breach prevention is a critical concern and a high risk event for both providers and patients alike.

325 Million Individuals Affected

A worrying 325 million people were impacted by reported breaches in just this one year period. This reflects the growing scale and severity of cyberattacks and mishandled PHI. This is a wake up call for both healthcare providers and business associates to strengthen their strategies.

798 Breaches in 12 Months

This is on average more than 1 breach every single day, with widespread impact across nearly all 50 states. The healthcare sector will continue to be a target for cybercriminals due to the value of such sensitive medical data.

28.2% of Breaches had a Business Associate Present

Having over a quarter of incidents where a business associate was present -- such as third party billing, IT vendor, cloud service provider, etc. -- highlights the importance of third party risk management. Though this does not necessarily mean the third parties were solely responsible, it is a reminder that healthcare entities must ensure their vendors follow the same security protocols.

Most Common Breach Type: Hacking / IT incidents

Hacking and IT incidents dominated as the most common cause of breach within the data set. These attacks are often targeted at vulnerable infrastructure, weak credentials, or phishing to gain unauthorized access.

Geographic Breakdown of Breaches

States like California, Texas, and New York report the most breaches, but no state is immune. This underscores the nationwide nature of the threat on PHI.

Who is Getting Breached?

Healthcare providers accounted for the majority of incidents, followed by business associates and health plans. The volume suggests that frontline medical institutions may face greater exposure, possibly due to complex IT systems and high-pressure operational environments.

Number of Breaches vs. Impacted Individuals

The time series graph shows a steady stream of breaches throughout the year. A more significant depiction shown is the great amount of individuals compared to 1 or even 2 attacks. It only takes one incident to compromise the health and safety of such a great number of individuals.

Where Breached Data was Stored or Accessed

Most breaches occurred on network servers (72%), followed by email systems (21%) and paper records (3.75%). This distribution suggests that digitally stored PHI is far more exposed, especially when not encrypted or protected by proper access controls.

Takeaways for Risk Mitigation

• Encrypt all PHI, especially data on network servers and email platforms.

• Vet your business associates—nearly 1 in 3 breaches involved a third party.

• Educate staff on phishing and secure handling of electronic and paper records.

• Invest in cybersecurity tools like endpoint detection, MFA, and SIEM systems.