Healthcare cybersecurity has entered a new phase, according to a recent report by Tennessee-based Fortified Health Security. The 2026 Horizon Report indicates that in 2025, the healthcare sector shifted from the large-scale breaches of 2024 (Change Healthcare) to more frequent breaches that impacted less patient information.

The total breach counts in 2025 surpassed those in 2024 by approximately 112 percent, according to the report. “The healthcare sector is experiencing more frequent cyber events with smaller data footprints, driven largely by ransomware, identity compromise, and third-party weakness.”

Hacking and IT incidents continued to lead in 2025 and grew more rapidly than any other category. These incidents were driven by the exploitation of exposed servers, VPNs, and RDP (Remote Desktop Protocol), a surge in credential theft and MFA-bypass (Multi-Factor Authentication) activities, and cascading compromises involving vendors and third-party service providers. Unauthorized Access and Disclosure were the fastest-growing secondary category. Much of this increase resulted from routine but significant workforce errors, according to research by Fortified.

Network servers remained the most common location for compromised data. However, the biggest change was in email-based breaches, which more than doubled from the previous year. Additionally, paper records and EMR-related breaches also experienced moderate growth.

Fortified emphasized the importance of training. While awareness training is ongoing, healthcare organizations still need to find time to develop policies to ensure every employee is trained in cybersecurity.

A cybersecurity survey by Fortified revealed that only 6 percent of healthcare organizations are very confident in their ability to detect, contain, and recover from a cyber incident.

The report also highlighted the increase of Shadow AI (artificial intelligence), which refers to employees unauthorizedly using AI tools, models, or applications within a company, often circumventing IT and security controls. “Each upload, transcription, or query may be sending sensitive data into external environments that cannot be monitored or controlled…. Shadow AI may be the biggest data exfiltration risk we’ve ever faced because it doesn’t look like an attack; it looks like productivity.”

Fortified advised that managed security providers are crucial in helping healthcare organizations close this visibility gap. They can help develop AI governance strategies that meet compliance standards while fostering innovation.