The HIPAA Breach Report for July 2025 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in June 2025.
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (July 2021, July 2022, July 2023, and July 2024) with this month’s report.
Network server breaches affected the most people overall in May 2025.
The number of people affected by network server breaches double that of the previous year.
Email breaches remained relatively stead over the last five months of May.
Network server breaches, unusually, were the second most common attack vector, coming in second to email.
Email, as a the vector, was three times higher than in previous years.
Email breaches affected the most people in June 2025. Episource, LLC had the most significant breach, which affected over 5 million people. McLaren Health Care had the second-largest breach, affecting 743,131 people.
The yearly comparison shows that email breaches were the most popular attack vector for bad actors in June 2025, and unexpected change from network server. Overall, over 8 million individuals had their data accessed via 75 breaches reported in June 2025.
Click here to view the HHS’ raw data via Google Sheets.
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in June 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.