The HIPAA Breach Report for May 2025 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in April 2025.
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (May 2021, May 2022, May 2023, and May 2024) with this month’s report.
Network server, email, and desktop breaches affected the most people overall in April 2025.
The number of people affected by network server breaches is half of the previous April but remains the dominant vector by a huge margin.
Email breaches have increased twofold year-over-year in April.
Network server breaches continue to be the most frequent attack vector, accounting for 32 incidents in April 2025, relatively flat from the same month last year.
Email has remained a consistent attack vector over the last five years.
Network server breaches affected the most people in April 2025. Blue Shield of California had the most significant breach, which affected a massive 4.7 million people. Kelly & Associates Insurance Group, Inc. had the second-largest breach, affecting 553332 people.
The yearly comparison shows that network server breaches remain the most popular attack vector for bad actors. Overall, over 6 million individuals had their data accessed via 39 breaches reported in April 2025.
Click here to view the HHS’ raw data via Google Sheets.
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in April 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.