Industry Solutions Banking & Finance Healthcare Manufacturing Legal Government & Defense How It Works Cost Savings Knowledge Blog About Request Demo

Analysis of All 710 Large 2025 Healthcare Breaches Finds More Than a Third Hit Third-Party Vendors, a Warning Sign for Cloud AI

Cognetryx review of every large breach in the HHS public record finds 86% involved data in the exact digital form cloud AI requests rely on.

FOR IMMEDIATE RELEASE

Cognetryx, a private AI platform for regulated industries, today published an original analysis of all 710 large healthcare data breaches reported to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) in 2025. The breaches affected more than 61.5 million people. The analysis surfaces two patterns in the public record that bear directly on a decision many health systems are weighing right now: whether to send patient data to cloud AI services.

Key findings

"Cloud AI does not invent this risk. It joins it. The breach record already tells health systems two things: a third of the exposure lives on the third-party side, and the data that leaks is the digital, network-accessible kind. Adding another outside vendor that processes more patient data faster expands the exact surface the public record is warning about."
Keith Kennedy, Founder and CEO of Cognetryx, CISSP

The analysis argues the real question is less about whether a given AI model is trustworthy, and more about whether patient data should be in the form that leaks, sent to a party outside the network. Running AI inside the health system's own environment keeps PHI out of the third-party breach category entirely.

Read the full analysis

The complete breakdown of the 2025 OCR breach record, with the methodology and the Blue Shield case, is here: What 710 Healthcare Data Breaches Say About Putting Patient Data in Cloud AI.

About Cognetryx

Cognetryx builds private, on-premises AI for regulated industries. The platform deploys inside an organization's own network, indexes its own documents, and serves AI models privately, so sensitive records never leave the environment the organization controls. Cognetryx is led by founder and CEO Keith Kennedy, CISSP, who has spent nearly 20 years building secure infrastructure for regulated industries.

Media contact: [email protected] ยท www.cognetryx.com
Data source: U.S. HHS Office for Civil Rights breach portal, 2025 large-breach reports (500 or more individuals), as compiled in February 2026. Percentages reflect the share of breach incidents.

More from the Cognetryx newsroom. Back to Press →