Mirror Review
December 12, 2025
Conduent, a business services provider that handles billing, government health program support, and data services for hospitals and insurers, has become the center of one of the most serious Healthcare Data Breach incidents in U.S. history.
The recent Conduent cybersecurity breach affected about 10.5 million people and ranks as the 8th largest healthcare breach ever reported. It even stayed hidden for months before detection, raising questions about how modern cyber threats can quietly infiltrate even well-established systems.
In this article, we examine how this breach unfolded, why it went undetected, and place it in the broader historical context of the largest healthcare data breaches in the U.S.
What Happened in the Conduent Data Breach
- In late 2024, Conduent systems were infiltrated by hackers, later linked to the ransomware group SafePay.
- The attackers maintained access from October 21, 2024, until January 13, 2025, for more than 85 days of undetected access before the company even realised something was wrong.
- During that time, personal data, including names, Social Security numbers, dates of birth, medical coverage details, and other health information, was exfiltrated.
- The estimated size of the stolen data reached 8.5 terabytes, with 10.5M people affected, indicating a systematic sweep of sensitive records rather than a casual theft.
This breach highlights how sophisticated attacks can bypass defenses and remain unnoticed. And the fact that Conduent provides services for many health payers and government programs meant the consequences were widespread.
Why This Healthcare Data Breach Went Unnoticed
There are several reasons this Conduent breach remained undetected for so long:
- Deep Access Through a Third-Party Provider
Conduent acts as a business associate for many healthcare entities. This means it holds and processes data on behalf of others. When attackers got in, they had access to many systems across multiple partners.
- Advanced Ransomware Techniques
The SafePay group reportedly used sophisticated ransomware and data exfiltration tools that blended with normal traffic, making detection harder without proactive threat hunting.
- Delay in Notification and Discovery
The company didn’t discover the breach until January 2025 and only publicly notified affected individuals months later, in October 2025. Delays like this allow attackers more time to hide their trail.
This pattern of delayed detection is not unique but has become more common as attackers use automation and stealthy techniques to avoid triggering alarms.
Top 8 Healthcare Data Breaches in U.S. History
To understand how big the Conduent breach is, it helps to see it alongside other major incidents that shaped cybersecurity in healthcare:
Note: The data below is referenced from Healthcare Data Breach Statistics by HIPAA Journal
| Rank | Year | Breach | State | Entity Type | Individuals Affected |
| 1 | 2024 | Change Healthcare, Inc. | Minnesota | Business Associate | 192,700,000 |
| 2 | 2015 | Anthem Inc. | Indiana | Health Plan | 78,800,000 |
| 3 | 2023 | Welltok, Inc. | Colorado | Business Associate | 14,782,887 |
| 4 | 2024 | Kaiser Foundation Health Plan | California | Health Plan | 13,400,000 |
| 5 | 2019 | Optum360, LLC | Minnesota | Business Associate | 11,500,000 |
| 6 | 2023 | HCA Healthcare | Tennessee | Business Associate | 11,270,000 |
| 7 | 2015 | Premera Blue Cross | Washington | Health Plan | 11,000,000 |
| 8 | 2025 | Conduent Business Services | New Jersey | Business Associate | 10,515,849 |
These incidents reveal a pattern: hacking and IT breaches dominate the list, and business associates such as billing processors and tech partners feature heavily among the largest breaches.
Trends Behind The Healthcare Data Breaches
According to HIPAA Journal, Healthcare Data Breach events are increasing in size, if not always in frequency. In recent years:
- 2023 saw more than 133 million records exposed across reported breaches, higher than any previous year.
- Healthcare data breaches were an average of 71,276 records per breach in 2025.
- Nearly all top breaches were caused by hacking or IT security failures. This shows that attackers overwhelmingly use digital intrusion techniques to steal health data.
- Business associates now account for a growing share of high-impact breaches, underscoring systemic vulnerabilities.
The reality here is that the healthcare sector remains a prime target for attackers due to the sensitive nature of the data and the interconnected nature of modern healthcare IT systems.
What This Means for Patients and Providers
For patients whose data may be affected, experts recommend:
- Monitor credit reports regularly for unusual activity.
- Consider credit freezes or fraud alerts with major bureaus.
- Use credit monitoring services where offered by the breached entity.
Providers and partners, on the other hand, need to adopt proactive threat detection, regular security audits, and tighter controls over third-party access to data.
Conclusion
The Conduent Healthcare Data Breach that impacted over 10.5 million people proves how modern cyberattacks can go unnoticed for months.
Because attackers targeted a third-party service provider, the breach spread across multiple networks and remained hidden before discovery.
Viewed against the backdrop of past breaches, this incident reinforces that the healthcare sector must lift its cyber defenses and reexamine how partners and vendors are secured.
With sensitive medical and personal data at stake, preparedness is not optional but essential.
Maria Isabel Rodrigues
