The HIPAA Breach Report for September 2025 analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in August 2025.
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (September 2021, September 2022, September 2023, and September 2024) with this month’s report.
Network server breaches affected the most people overall in August 2025.
The number of people affected by network server breaches is almost three times less that of the previous August.
The number of individuals impacted by Email breaches in August 2025 were down compared to previous years.
Network server breaches were, yet again, the most frequent attack vector.
Email, as a the vector, was consistent with previous years' instances.
Network server breaches affected the most people in August 2025. DaVita Inc. had the most significant breach, which affected 2.6 million people. Vital Imaging Medical Diagnostic Centers had the second-largest breach, affecting nearly 260,000 people.
Overall, over 3.8 million individuals had their data accessed via 63 breaches reported in August 2025.
Click here to view the HHS’ raw data via Google Sheets.
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in August 2025.
SEE ALSO: HIPAA Compliant Email: The Definitive Guide
Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.