1 min read

HIPAA Breach Report for February 2026

Picture of Dean Levitt Dean Levitt February 18, 2026

HIPAA Breach Reports
HIPAA Breach Report for February 2026

The HIPAA Breach Report for February 2026 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in January 2025.

 

This report covers:

 

HIPAA breaches ranked by people affected

Paubox HIPAA Breach Report February 2026 - HIPAA breaches ranked by people affected

 

Most common breaches by type

  • Network server breaches affected the most people. 783,597 individuals had their data breached.
  • Electronic medical record breaches were the second most common breach, with 25,832 people affected.
  • Email breaches affected 25,643 people, the third most impactful breach type.

HIPAA breaches ranked by occurrence

Paubox HIPAA Breach Report February 2026 - HIPAA breaches ranked by occurrence

 

Most common breach types

  • Network server was the most common attack vector. There were 25 network server breaches.
  • Email breaches were the second most common attack vector. There were 7  breaches.
  • Electronic medical record breaches were the third most common attack vector, with 1 attack.

 

Year-over-year comparison

These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (February 2022, February 2023, February 2024, and February 2025) with this month’s report.

 

HIPAA breaches ranked by people affected

Paubox HIPAA Breach Report February 2026 - HIPAA breaches ranked by people affected - year-over-year comparison

 

What we observe

  • Network server breaches affected the most people overall in January 2026.

  • The number of people affected by network server breaches is less than half that of the previous year.

  • The number of individuals impacted by Email breaches in January 2026 was significantly lower than the previous year.

 

HIPAA breaches ranked by occurrence

Paubox HIPAA Breach Report February 2026 - HIPAA breaches ranked by occurrence - year-over-year comparison

What we observe

  • Network server breaches were the most frequent attack vector. 

  • Email, as a vector, was about half that of the previous year, but about average for the last few years.

Takeaways

Network server breaches affected the most people in January 2026. Minnesota Department of Human Services had the most significant breach, which affected 303,965 people. Wound Technology Network had the second-largest breach, affecting 139,830 people.

Overall, over 837,140 individuals had their data accessed via 40 breaches reported in January 2026.

Full data

Click here to view the HHS’ raw data via Google Sheets.

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in September 2025.

SEE ALSO: HIPAA Compliant Email: The Definitive Guide

Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.