The HIPAA Breach Report for June 2025 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in May 2025.
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (June 2021, June 2022, June 2023, and June 2024) with this month’s report.
Network server, email, and other breaches affected the most people overall in May 2025.
The number of people affected by network server breaches was the lowest in five years.
Email breaches were down from the previous year's May.
Network server breaches continue to be the most frequent attack vector, accounting for 35 incidents in May 2025, relatively flat from the same month last year.
Email has consistently remained a the 2nd most frequent attack vector over the last five years.
Network server breaches affected the most people in May 2025. Harbin Clinic had the most significant breach, which affected over 176,000 people. MedStar St. Mary's Hospital had the second-largest breach, affecting 172,915 people.
The yearly comparison shows that network server breaches remain the most popular attack vector for bad actors. Overall, over 1 million individuals had their data accessed via 54 breaches reported in May 2025.
Click here to view the HHS’ raw data via Google Sheets.
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in May 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.