The healthcare sector remains ground zero for cyber mischief. In fact, the U.S. Department of Health and Human Services (HHS) reported that nearly 30 million patient records were implicated in large breaches in the first half of 2025 alone. To (darkly) celebrate the year's biggest failures, let us hand out some "Hack Awards" for the most notorious healthcare breaches, before we get serious about what they teach us.
Every one of the year's biggest incidents was a hacking or ransomware event. The takeaways for healthcare organizations worldwide are clear: invest in security now, because patient lives and trust depend on it.
in first half of 2025
Yale New Haven Health
in Kenya's M-TIBA hack
Global Healthcare Hack Awards 2025
Mega Breach of the Year: Yale New Haven Health System (USA)
Spring 2025 was unkind to Yale New Haven. The Connecticut health giant disclosed a data breach affecting about 5.56 million patients. The hack (discovered in March 2025) allowed unauthorized actors to copy patient names, birthdates, phone numbers, SSNs, and more. Fortunately, the electronic medical records systems were not directly hit, and Yale says care was not interrupted. The takeaway? Even top U.S. hospitals can be blindsided by stealthy network intrusions.
Runner-Up: Episource (USA)
Episource, an IT vendor for health plans, earns the Runner-Up trophy after the February 2025 ransomware attack. The company admitted cybercriminals accessed its network from Jan 27 to Feb 6, 2025, and exfiltrated data on 5.4 million individuals. The stolen records included names, addresses, insurance and treatment data, and even Social Security numbers. In a classic move, Episource investigated, called law enforcement, and vowed to "make our systems even stronger"; a polite way of saying "we got owned, but we will patch up."
Most Disruptive Hack: Synnovis/NHS (England)
Across the pond, the award for "Most Disruptive Hack" goes to the ransomware attack on Synnovis (an NHS pathology services provider) in June 2024. The Qilin ransomware gang hit the lab network, severely hampering blood testing in London and triggering a nationwide O-negative blood shortage. London's King's College and Guy's hospitals had to postpone 10,152 outpatient appointments and 1,710 elective procedures as a result. The attack was a deliberate intent to cause maximum disruption to UK healthcare. In other words, this cyber-siege was literally a life-or-death affair for patients.
Multi-State Mayhem: DaVita (USA)
DaVita, a major kidney dialysis provider, wins the "Multi-State Mayhem" badge after their April 2025 ransomware breach. The Interlock ransomware gang claimed responsibility for encrypting DaVita's network and leaking data on roughly 2.69 million patients. DaVita's own breach notice revealed the hackers accessed its dialysis labs database, stealing names, addresses, SSNs, insurance info, even dialysis lab test results. The incident lasted from March 24 to April 12, 2025. DaVita says it is "continuously updating" its defenses, but healthcare organizations should ask: why let a cyber-ransom ring run wild for weeks?
Honorable (Dis)Mentions
- Blue Shield of California -- No hacker needed here, just a misconfiguration. A Google Analytics setting on Blue Shield's website accidentally exposed 4.7 million members' data to Google Ads (names, member IDs, etc.). Blue Shield insists no criminal stole the data, but it is an awkward reminder that even insurers can "leak by accident."
- Radiology Associates of Richmond (Virginia, USA) -- In April 2024 an unauthorized party accessed RAR's network, impacting roughly 1.42 million patients. That breach (reported to regulators in July 2025) shows how even specialist clinics can end up on the radar.
Africa's (Un)Scrupulous Winners
Digital Health Wallet Disaster: M-TIBA (Kenya)
Kenya's innovation of the year turned out to be cybercrime's feast. In October 2025, a hacking group called Kazu claimed to have stolen a massive trove from M-TIBA, Safaricom-backed mobile health wallet. Kazu boasted of pulling 2.15 terabytes (about 17 million files) of data, potentially affecting 4.8 million people. A 2GB sample leaked on their channel contained roughly 114,000 patient records with names, national IDs, phone numbers, billing info and even medical diagnoses. M-TIBA has not confirmed the full extent yet but whether 114K or 4.8M patient records were exposed, this is one of Kenya's largest-ever health breaches. A rude reminder that no health app is too big or small to target.
Patient Data Plunder (Nigeria)
In late 2024, nearly 130,000 Nigerian patient records (from multiple facilities) were allegedly dumped on a dark web forum. The CSV dataset (dated Oct 6, 2024) reportedly included patient names, card numbers, phone numbers, ages, birth dates, genders, addresses and more. This incident highlights that African health data is every bit as valuable as anywhere else, and more so as vulnerable. The exact source provider remains unnamed in the reporting, but the scale is jaw-dropping.
Most Patient Tests Canceled: NHLS (South Africa)
The award here goes to NHLS (South Africa). June 2024 brought chaos to South African healthcare when ransomware hit the National Health Laboratory Service. The attackers crippled parts of NHLS's IT systems, even deleting backup servers, forcing 265 laboratories to revert to pen and paper. No patient data was reported stolen, but the human cost was real: test results were delayed for weeks, straining hospitals and clinicians. NHLS vowed not to pay ransom, but patients suffered all the same.
Healthcare continues to lag in cybersecurity. Every one of the year's biggest incidents was a hacking or ransomware event. The trend is clear, and the stakes are life and death.
Lessons Learned
All joking aside, this awards show underscores a deadly trend: healthcare continues to lag in cybersecurity. HHS data reminds us that healthcare data breaches remain a challenge with nearly 30 million records breached in early 2025. And every one of the year's biggest incidents was a hacking or ransomware event. The takeaways for healthcare organizations worldwide are clear:
- Backups and Recovery: Keep backups offline or immutable. The NHLS attack deleted its backups, turning a hack into a full outage. Regularly test restore processes so you can recover without paying ransoms or sacrificing patient data.
- Patch and Monitor: Stay on top of software updates and network monitoring. Vulnerabilities like the one Cl0p exploited at Barts Health (Oracle E-Business Suite) can be patched, but only if you look for them. Logging and intrusion detection can alert you fast when an intruder lurks.
- Access Controls: Enforce strict identity hygiene. Use unique logins and multi-factor authentication; never share accounts. Implement role-based access and audit everything. Many breaches began with stolen or weak credentials, so get this right!
- Culture and Training: Treat cybersecurity as patient safety. Train every staff member on phishing, privacy, and security best practices. Even innocent-seeming errors like a misconfigured web analytics tool (Blue Shield) or clicking a bad email link can expose millions. Remember, as one expert warned of the Synnovis attack, these hacks aim for "maximum disruption" of care. Hospitals must harden their defenses before hackers make them.
As we head into 2026, healthcare organizations must shift from punishment to prevention. No one wants to win a "Worst Breach" trophy next year. Invest in security now, because patient lives and trust depend on it.
Security is not optional. Patient lives depend on it.