2 min read

HIPAA Breach Report for March 2025

Picture of Dean Levitt Dean Levitt March 06, 2025

HIPAA Breach Reports
HIPAA Breach Report for March 2025

The HIPAA Breach Report for March 2025 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in February 2025.

 

This report covers:

 

HIPAA breaches ranked by people affected

Paubox HIPAA Breach Report March 2025 - HIPAA breaches ranked by people affected

 

Most common breaches by type

  • Network server breaches affected the most people. 2,171,588 individuals had their data breached.
  • Email breaches were the second most common breach, with 105,688 people affected.
  • Electronic Medical Record breaches affected 29,288 people, the third most common breach type.

 


HIPAA breaches ranked by occurrence

Paubox HIPAA Breach Report March 2025 - HIPAA breaches ranked by occurrence

 

Most common breach types

  • Network server was the most common attack vector. There were 26 network server breaches.
  • Email breaches were the second most common attack vector. There were 6 email breaches.
  • Electronic Medical Record breaches were the third most common attack vector, with 5 attacks each.

 

Year-over-year comparison

These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (March 2021, March 2022, March 2023, and March 2024) with this month’s report.

 

HIPAA breaches ranked by people affected

Paubox HIPAA Breach Report March 2025 - HIPAA breaches ranked by people affected - year-over-year comparison

 

What we observe

  • Network server, email, and electronic medical record breaches affected the most people overall in February 2025.

  • The number of people affected by network server breaches has decreased compared to the spikes seen in 2023 and 2024 but remains the dominant vector.

  • Email breaches have remained relatively consistent in impact over the last two years, though lower than 2021 levels.

 

HIPAA breaches ranked by occurrence

Paubox HIPAA Breach Report March 2025 - HIPAA breaches ranked by occurrence - year-over-year comparison

What we observe

  • Network server breaches continue to be the most frequent attack vector, accounting for 26 incidents in February 2025, a decrease from the 38 reported in the same month last year.

  • Email breach occurrences have dropped slightly to 6 incidents, the lowest in the five-year comparison period.

Takeaways

Network server breaches affected the most people in February 2025. Southeast Series of Lockton Companies, LLC (Lockton) had the most significant breach, which affected 1,124,727 people. New Era Life Insurance Companies had the second-largest breach, affecting 335,506 people.

The yearly comparison shows that network server breaches remain the most popular attack vector for bad actors. Overall, over 2.3 million individuals had their data accessed via 39 breaches reported in February 2025.

Full data

Click here to view the HHS’ raw data via Google Sheets.

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in February 2025.

SEE ALSO: HIPAA Compliant Email: The Definitive Guide

Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.
Send PHI securely—No portals required. The all-in-one email security suite for healthcare. HIPAA compliant email with Google and Microsoft.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.