July 2025 Healthcare Breach Snapshot: What Health Tech Must Learn

TL;DR July 2025 Healthcare Data Breach Report

July saw 48 healthcare data breaches, a 34% decrease from June, with approximately 3.7 million individual records exposed overall. While breach counts dipped, attacks remain highly targeted, costly, and damaging to patients. For health tech companies this is a critical reminder to strengthen your HIPAA compliance posture proactively before engaging providers or scaling partnerships.

Why Health Tech Companies Get Caught Off Guard

For digital health companies, breaches usually happen because of hidden compliance gaps:

❌ No recent HIPAA Risk Assessment → unknown exposures put you at risk.

❌ Not properly vetting vendors → partners lacking security controls, leaving you liable.

❌ Missing incident response plan → delays increase financial and reputational damage.

*OCR has found inadequate HIPAA Risk Assessments to be the top HIPAA audit finding, yet most companies neglect them or only learn of the gaps after a security incident.

How to Build Trust Before the Breach

In health tech, compliance is a revenue driver.

Health systems need evidence that you can safeguard PHI before signing contracts.

Here are five actions you can take now to build trust and protect revenue:

1. Complete a HIPAA Risk Assessment

Identify threats, vulnerabilities, and your current security controls. Make sure your assessment isn't templated and reflects your operations. Risk should be considered for the people, systems, and processes involved with PHI, not just your flagship solution.

2. Map to a Cybersecurity Framework

Using NIST CSF or ISO 27001 accelerates scaling. With a framework in place you can efficiently layer on additional compliance requirements such as SOC 2, making readiness an easier lift with faster results.

3. Document PHI Data Flows

Know where PHI lives, who touches it, and how it’s secured. This helps you with your risk assessment and helps determine what systems to prioritize for protection and business continuity.

4. Vet Vendors Handling PHI

Ensure third parties sign your Business Associate Agreements (BAAs), but don't stop there. Dig deeper by looking for compliance attestations and verifying controls by asking for evidence.
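Steps 3 and 4 are easier to keep honest when the data-flow map and the vendor inventory live in one place and a script checks them against each other. The following is an added example written for this post, not code from Inherent Security or its guide; every system, vendor and flow is constructed sample data, and the control fields (encryption, logging, roles, BAA, attestation, evidence reviewed) are a deliberately small subset of what a real risk assessment would record.

```python
"""PHI data-flow inventory with vendor vetting checks.

Added example, not from the original post. Records where PHI lives, who touches
it and how it is secured at each hop, plus the BAA/attestation status of each
third party, and reports the gaps a health system's security team would ask
about. All data below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Vendor:
    """A third party that hosts or receives PHI on our behalf (constructed)."""
    name: str
    baa_signed: bool
    attestation: Optional[str]   # e.g. "SOC 2 Type II"; None if nothing provided
    evidence_reviewed: bool      # True only if we actually read the report


@dataclass
class Flow:
    """One hop PHI takes between two systems (constructed)."""
    source: str
    destination: str
    vendor: Optional[str]        # vendor operating the destination; None if in-house
    encrypted_in_transit: bool
    encrypted_at_rest: bool
    access_roles: List[str]      # roles allowed to read PHI at the destination
    access_logged: bool          # is PHI access at the destination logged?


def audit_flows(flows: List[Flow], vendors: Dict[str, Vendor]) -> List[Tuple[str, str]]:
    """Return (hop, finding) pairs for every control gap on every PHI hop."""
    gaps: List[Tuple[str, str]] = []
    for f in flows:
        hop = f"{f.source} -> {f.destination}"
        if not f.encrypted_in_transit:
            gaps.append((hop, "PHI not encrypted in transit"))
        if not f.encrypted_at_rest:
            gaps.append((hop, "PHI not encrypted at rest"))
        if not f.access_logged:
            gaps.append((hop, "PHI access not logged; incident response is blind here"))
        if "*" in f.access_roles:
            gaps.append((hop, "wildcard access role; least privilege not applied"))
        if f.vendor is not None:
            v = vendors.get(f.vendor)
            if v is None:
                # A hop to a vendor nobody inventoried is itself a finding.
                gaps.append((hop, f"vendor {f.vendor!r} missing from vendor inventory"))
                continue
            if not v.baa_signed:
                gaps.append((hop, f"no BAA signed with {v.name}"))
            if v.attestation is None:
                gaps.append((hop, f"no compliance attestation from {v.name}"))
            elif not v.evidence_reviewed:
                # A logo on a website is not evidence; the report has to be read.
                gaps.append((hop, f"{v.attestation} from {v.name} claimed but evidence not reviewed"))
    return gaps


def systems_holding_phi(flows: List[Flow]) -> List[str]:
    """'Where PHI lives': every system that is an endpoint of a PHI flow."""
    return sorted({f.source for f in flows} | {f.destination for f in flows})


def roles_touching_phi(flows: List[Flow]) -> List[str]:
    """'Who touches it': every role granted PHI access anywhere in the map."""
    return sorted({r for f in flows for r in f.access_roles})


# Constructed sample inventory: names are hypothetical.
VENDORS: Dict[str, Vendor] = {
    "CloudEHR": Vendor("CloudEHR", baa_signed=True, attestation="SOC 2 Type II", evidence_reviewed=True),
    "AnalyticsCo": Vendor("AnalyticsCo", baa_signed=True, attestation="SOC 2 Type II", evidence_reviewed=False),
    "SupportChat": Vendor("SupportChat", baa_signed=False, attestation=None, evidence_reviewed=False),
}

FLOWS: List[Flow] = [
    Flow("patient-app", "api-gateway", None, True, True, ["patient"], True),
    Flow("api-gateway", "CloudEHR", "CloudEHR", True, True, ["clinician", "integration-svc"], True),
    Flow("CloudEHR", "AnalyticsCo", "AnalyticsCo", True, False, ["data-eng"], False),
    Flow("patient-app", "SupportChat", "SupportChat", True, True, ["support", "*"], True),
]

if __name__ == "__main__":
    print("PHI lives in:", ", ".join(systems_holding_phi(FLOWS)))
    print("Roles touching PHI:", ", ".join(roles_touching_phi(FLOWS)))
    for hop, finding in audit_flows(FLOWS, VENDORS):
        print(f"GAP  {hop}: {finding}")
```

Running it lists the two clean hops silently and prints six findings for the other two: the analytics hop lacks at-rest encryption and logging and its vendor's SOC 2 report was never reviewed, while the support-chat hop has a wildcard role, no BAA and no attestation at all. Those are exactly the questions that surface on a provider's security questionnaire, so catching them in your own inventory first is the point of steps 3 and 4.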

5. Build Security Into Sales Enablement

Integrate security into your sales deck including uptime SLAs, compliance certifications, vendor security policies, and HIPAA alignment to shorten provider onboarding timelines and build trust.

The HIPAA Exposure Guide

We developed this advanced self-audit tool to assess your security posture at the growth stage and uncover compliance gaps before your buyers ask about them.

Inside, you’ll discover:

✅ What health system security teams look for when onboarding new solutions

✅ Advanced security controls that build trust with providers

✅ Overlooked controls HIPAA Compliance checklists ignore

👉 Grab my ADV HIPAA EXP Guide; it’s the easiest first step to stay ahead of the procurement process and secure deals.

When a Guide Isn’t Enough

If you’re scaling fast and need to build trust with providers quickly, it may be time to bring in outside expertise.

Our vCISO services help health tech companies:

✅ Build framework-driven security programs health systems trust

✅ Take over security responsibilities for overwhelmed teams

✅ Respond to security questionnaires sent by prospects

In healthcare, trust is the difference between having your product piloted or ignored.

👉 Book a call now and we'll show you how we can help.

L Trotter II

As Founder and CEO of Inherent Security, Larry Trotter II is responsible for defining the mission and vision of the company and ensuring execution aligns with the business purpose. Larry has transformed Inherent Security from a consultancy into a cybersecurity company through partnerships and expert acquisitions. Today the company leverages its healthcare and government expertise to accelerate compliance operations for clients.

Larry has provided services for 12 years across private industry, developing security strategies and managing security operations for Fortune 500 companies and healthcare organizations. He is an influential business leader who can demonstrate the value proposition of security and its direct link to customers.

Larry graduated from Old Dominion University with a bachelor’s degree in Business Administration with a focus on IT and Networking. Larry has accumulated certifications such as the CISM, ISO27001 Lead Implementer, GCIA and others. He serves on the Board of Directors for the MIT Enterprise Forum DC and Baltimore.

https://www.inherentsecurity.com