The healthcare sector remains ground zero for cyber mischief. In fact, the U.S. Department of Health and Human Services (HHS) reported that nearly 30 million patient records were implicated in large breaches in the first half of 2025 alone. To (darkly) celebrate the year's biggest failures, let's hand out some “Hack Awards” for the most notorious healthcare breaches, before we get serious about what they teach us.
Global Healthcare Hack Awards 2025
Mega Breach of the Year 🏆: Yale New Haven Health System (USA)
Spring 2025 was unkind to Yale New Haven. The Connecticut health giant disclosed a data breach affecting about 5.56 million patients. The hack (discovered in March 2025) allowed unauthorized actors to copy patient names, birthdates, phone numbers, SSNs, and more. (Fortunately, the electronic medical records systems weren't directly hit, and Yale says care wasn't interrupted.) The takeaway? Even top U.S. hospitals can be blindsided by stealthy network intrusions.
🥈 Ransomware Round-Up: Episource (USA)
Episource, an IT vendor for health plans, earns the Runner-Up trophy after the February 2025 ransomware attack. The company admitted cybercriminals accessed its network from Jan 27 to Feb 6, 2025, and exfiltrated data on 5.4 million individuals. The stolen records included names, addresses, insurance and treatment data, and even Social Security numbers. In a classic move, Episource investigated, called law enforcement, and vowed to “make our systems even stronger,” a polite way of saying “we got owned, but we'll patch up.”
🥉 UK Lab Lockdown: Synnovis/NHS (England)
Across the pond, the award for “Most Disruptive Hack” goes to the ransomware attack on Synnovis (an NHS pathology services provider) in June 2024. The Qilin ransomware gang hit the lab network, severely hampering blood testing in London and triggering a nationwide O-negative blood shortage. London's King's College and Guy's hospitals had to postpone 10,152 outpatient appointments and 1,710 elective procedures as a result. The attack was a deliberate attempt to cause maximum disruption to UK healthcare. In other words, this cyber-siege was literally a life-or-death affair for patients.
🎖 Kidney Care Chaos: DaVita (USA)
DaVita, a major kidney dialysis provider, wins the “Multi-State Mayhem” badge after its April 2025 ransomware breach. The Interlock ransomware gang claimed responsibility for encrypting DaVita's network and leaking data on roughly 2.69 million patients. DaVita's own breach notice revealed the hackers accessed its dialysis labs database, stealing names, addresses, SSNs, insurance info, and even dialysis lab test results. The incident lasted from March 24 to April 12, 2025. DaVita says it's “continuously updating” its defenses, but healthcare organizations should ask: why let a cyber-ransom ring run wild for weeks?
Honorable (Dis)Mentions
- Blue Shield of California – No hacker needed here, just a misconfiguration. A Google Analytics setting on Blue Shield's website accidentally exposed 4.7 million members' data to Google Ads (names, member IDs, etc.). Blue Shield insists no criminal stole the data, but it's an awkward reminder that even insurers can “leak by accident.”
- Radiology Associates of Richmond (Virginia, USA) – In April 2024 an unauthorized party accessed RAR's network, impacting ~1.42 million patients. That breach (reported to regulators in July 2025) shows how even specialist clinics can end up on the radar.
Africa's (Un)Scrupulous Winners
🏆 Digital Health Wallet Disaster: M-TIBA (Kenya)
Kenya's innovation of the year turned out to be cybercrime's feast. In October 2025, a hacking group called Kazu claimed to have stolen a massive trove from M-TIBA, the Safaricom-backed mobile health wallet. Kazu boasted of pulling 2.15 terabytes (about 17 million files) of data, potentially affecting 4.8 million people. A 2GB sample leaked on their channel contained ~114,000 patient records with names, national IDs, phone numbers, billing info and even medical diagnoses. M-TIBA hasn't confirmed the full extent yet, but whether 114K or 4.8M patient records were exposed, this is one of Kenya's largest-ever health breaches. A rude reminder that no health app is too big or small to target.
🥈 Patient Data Plunder
In late 2024, nearly 130,000 Nigerian patient records (from multiple facilities) were allegedly dumped on a dark web forum. The CSV dataset (dated Oct 6, 2024) reportedly included patient names, card numbers, phone numbers, ages, birth dates, genders, addresses and more. This incident highlights that African health data is every bit as valuable as anywhere else, and even more vulnerable. The exact source provider remains unnamed in the reporting, but the scale is jaw-dropping.
🥉 Most Patient Tests Canceled
The award here goes to NHLS (South Africa)!!! June 2024 brought chaos to South African healthcare when ransomware hit the National Health Laboratory Service. The attackers crippled parts of NHLS's IT systems, even deleting backup servers, forcing 265 laboratories to revert to pen and paper. No patient data was reported stolen, but the human cost was real: test results were delayed for weeks, straining hospitals and clinicians. NHLS vowed not to pay ransom, but patients suffered all the same.
Lessons Learned
All joking aside, this awards show underscores a deadly trend: healthcare continues to lag in cybersecurity. HHS data reminds us that healthcare data breaches remain a challenge with nearly 30 million records breached in early 2025. And every one of the year's biggest incidents was a hacking or ransomware event. The takeaways for healthcare organizations worldwide are clear:
- Backups & Recovery: Keep backups offline or immutable. The NHLS attack deleted its backups, turning a hack into a full outage. Regularly test restore processes so you can recover without paying ransoms or sacrificing patient data.
- Patch & Monitor: Stay on top of software updates and network monitoring. Vulnerabilities like the one Cl0p exploited at Barts Health (Oracle E-Business Suite) can be patched, but only if you look for them. Logging and intrusion detection can alert you fast when an intruder lurks.
- Access Controls: Enforce strict identity hygiene. Use unique logins and multi-factor authentication; never share accounts. Implement role-based access and audit everything. Many breaches began with stolen or weak credentials, so get this right!
- Culture & Training: Treat cybersecurity as patient safety. Train every staff member on phishing, privacy, and security best practices. Even innocent-seeming errors like a misconfigured web analytics tool (Blue Shield) or clicking a bad email link can expose millions. Remember, as one expert warned of the Synnovis attack, these hacks aim for “maximum disruption” of care. Hospitals must harden their defenses before hackers make them.
As we head into 2026, healthcare organizations must shift from punishment to prevention. No one wants to win a “Worst Breach” trophy next year. Invest in security now, because patient lives and trust depend on it.