.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Dean Levitt
The HIPAA Breach Report for April 2026 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in March 2025.
This report covers:
- HIPAA breaches ranked by people affected
- HIPAA breaches ranked by occurrence
- Year-over-year comparison
- Takeaways
- Full data
HIPAA breaches ranked by people affected
Most common breaches by type
- Network server breaches affected the most people. 8,486,294 individuals had their data breached.
- Other breaches were the second most common breach, with 2,164,474 people affected.
- Email breaches affected 179,565 people, the third most impactful breach type.
HIPAA breaches ranked by occurrence
Most common breach types
- Network server was the most common attack vector. There were 35 network server breaches.
- Email breaches were the second most common attack vector. There were 9 breaches.
- Other breaches were the third most common attack vectors, with 7 attacks.
Year-over-year comparison
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (April 2022, April 2023, April 2024, and April 2025) with this month’s report.
HIPAA breaches ranked by people affected
What we observe
-
Network server breaches affected the most people overall in March 2026.
-
The number of people affected by network server breaches is more than four times that of the previous year.
-
The number of individuals impacted by Email breaches in March 2026 was roughly average compared to the previous few years.
HIPAA breaches ranked by occurrence
What we observe
-
Network server breaches were the most frequent attack vector.
-
Email, as a vector, was about average for the last few years.
Takeaways
Network server breaches affected the most people in January 2026. Nacogdoches Memorial Hospital had the most significant breach, which affected 2,507,073 people. Navia Benefit Solutions, Inc. had the second-largest breach, affecting 2,151,330 people.
Overall, over 8,676,224 individuals had their data accessed via 48 breaches reported in March 2026.
Full data
Click here to view the HHS’ raw data via Google Sheets.
About the Paubox HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in September 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.
