The HIPAA Breach Report for June 2026 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in May 2026.
This report covers:
- HIPAA breaches ranked by people affected
- HIPAA breaches ranked by occurrence
- Year-over-year comparison
- Takeaways
- Full data
HIPAA breaches ranked by people affected

Most common breaches by type
- Network server breaches affected the most people. 688,466 individuals had their data breached.
- Email breaches were the second most common breach, with 181,909 people affected.
- Electronic medical record breaches affected 13,906 people, the third most impactful breach type.
HIPAA breaches ranked by occurrence

Most common breach types
- Network server was the most common attack vector. There were 39 network server breaches.
- Email breaches were the second most common attack vector. There were 19 email breaches.
- Electronic medical record breaches were the third most common attack vector, with 3 attacks.
Year-over-year comparison
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (June 2022, June 2023, June 2024, and June 2025) with this month’s report.
HIPAA breaches ranked by people affected

What we observe
-
Network server breaches affected the most people overall in May 2026, with 688,466 individuals impacted.
-
The number of people affected by network server breaches was the lowest in five years, down from 970,309 in 2025.
-
Email breaches rose sharply year-over-year, up to 181,909 from 55,720 in 2025.
HIPAA breaches ranked by occurrence

What we observe
-
Network server breaches continue to be the most frequent attack vector, accounting for 39 incidents in May 2026, up from 35 in 2025.
-
Email has consistently remained the second most frequent attack vector over the last five years, reaching 19 incidents this month.
Takeaways
Network server breaches affected the most people in May 2026. Radiology Associates of Richmond had the most significant breach, which affected 266,183 people. Western Orthopaedics, P.C. had the second-largest breach, affecting 113,330 people. The yearly comparison shows that network server breaches remain the most popular attack vector for bad actors.
Overall, 879,447 individuals had their data accessed via 61 breaches reported in May 2026.
Full data
Click here to view the HHS’ raw data via Google Sheets.
About the Paubox HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in May 2026.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.
