Hello. Here is today’s big number: 297.

That's the number of new U.S. healthcare data breaches under investigation so far this year at the Department of Health and Human Services. With six months to go in 2025, we are on track to outpace the 393 breach cases HHS opened during all of 2024. 

Many cyber incidents that disrupt medical offices and expose patient data are reported to state regulators but don’t make the running list of HHS investigations. (We cover a couple of those, below.) The department has historically had thin staffing for these probes, few of which have resulted in fines or demands to improve cybersecurity. One of the most recent cases in which there was a monetary payment and a corrective action plan took more than five years to complete.

On the provider side, why are healthcare organizations such seemingly easy marks? Yes, hospitals and clinics work on small margins and technology and training are expensive. But surely those factors can’t completely explain why cybersecurity is lacking in this industry.

Let’s talk about it. Email me your thoughts.

More than 101,000 patients due to receive notification that their sensitive information was exposed or stolen in a hack last year at Mainline Health Systems in Monticello, Ark. 

• Affected data includes financial account information, diagnoses, treatments, prescriptions and insurance data, among other particulars, Mainline said. 
• The company advised patients to watch for medical identity theft, in part by checking with their insurance companies for all claims paid in their names and disputing those that look wrong. 

Healthcare insurer Decisely disclosed that the Social Security numbers and other personal details of more than 65,000 people were stolen in a December hack of its cloud-storage platform. The company, based in Alpharetta, Ga., provides health insurance and tech tools to small businesses. 

Get those patches done: Exploited vulnerabilities are the most common root cause of ransomware attacks, according to new research from cyber company Sophos, which polled 3,400 security leaders globally. Compromised credentials were the second-biggest cause, followed by malicious email, the survey found. 

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.