The HIPAA Breach Report for April 2025 analyzes protected health information (PHI) breaches affecting 500 or more individuals as reported to the Department of Health and Human Services (HHS) in March 2025.
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (April 2021, April 2022, April 2023, and April 2024) with this month’s report.
Network server and email breaches affected the most people overall in March 2025.
The number of people affected by network server breaches has decreased compared to the spikes seen in 2023 and 2024 but remains the dominant vector year-over-year.
Email breaches have increased compared to recent years.
Network server breaches continue to be the most frequent attack vector, accounting for 26 incidents in February 2025, a decrease from the 69 reported in the same month last year.
Email breach occurrences have remained consisten over the five-year comparison period.
The largest single breach in April 2025 affected Frederick Health, impacting 934,326 individuals. The breach was reported as a Hacking/IT Incident involving a network server.
Network server breaches were the most common attack vector, accounting for 26 incidents and affecting a total of 1,764,096 individuals.
Email breaches were the second most common attack vector, with 10 incidents reported, affecting 217,986 individuals.
The yearly comparison shows that network server breaches remain the most popular attack vector for bad actors. Overall, 2 million individuals had their data accessed via 39 breaches reported in March 2025.
Click here to view the HHS’ raw data via Google Sheets.
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in March 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.