At 12:01 a.m. on October 1, 2025, the federal government entered a shutdown after Congress failed to pass appropriations legislation for FY 2026. HHS has furloughed approximately 32,000 of its nearly 80,000 employees — roughly 41% of the department's workforce. CMS is operating at 53% capacity.
2025 final tally: ~710 large breaches affecting approximately 62 million individuals (preliminary). The Conduent breach alone — now confirmed at 25M+ — will push this figure significantly higher when fully tabulated.
Five years of OCR breach portal data, combined with structural and operational trends in the healthcare sector, point to a clear set of organizational profiles most likely to suffer material breaches in the next 18 months.
This calendar consolidates federal and state regulatory deadlines, enforcement milestones, and compliance action dates relevant to HIPAA-covered entities and business associates in the healthcare sector. Dates are organized chronologically.
**North Korea Enters Healthcare Ransomware.** The Lazarus Group has been confirmed operating as a Medusa ransomware affiliate, targeting U.S. healthcare and non-profit organizations since November 2025. This marks a significant convergence of nation-state and criminal operations.
This report covers: the quarter's breach data, the threat actors that matter most heading into 2026, regulatory developments, a featured analysis of the TriZetto breach, and our forward-looking threat assessment for Q1 2026.
46 large healthcare data breaches were reported to OCR in January (the most recent complete month) — continuing the trend of suppressed reporting that began during the government shutdown.