The HIPAA Breach Report for October 2025 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in September 2025.
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (October 2021, October 2022, October 2023, and October 2024) with this month’s report.
Network server breaches affected the most people overall in September 2025.
The number of people affected by network server breaches is significantly lower that of the previous 2 Septembers.
The number of individuals impacted by Email breaches in September 2025 was only slightly down compared to previous years.
Network server breaches were, as usual, the most frequent attack vector.
Email, as a the vector, was consistent with previous years' instances.
Network server breaches affected the most people in August 2025. Goshen Medical Center had the most significant breach, which affected 456,385 people. Medical Associates of Brevard, LLC had the second-largest breach, affecting 246,711 people.
Overall, over 1.5 million individuals had their data accessed via 36 breaches reported in August 2025.
Click here to view the HHS’ raw data via Google Sheets.
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in September 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.