Talk to sales
Start for free

The November Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health and Human Services (HHS) in October 2022.


This report covers:

  • HIPAA breaches ranked by people affected
  • HIPAA breaches ranked by occurrence
  • Year-over-year comparison
  • Takeaways
  • Full data

HIPAA breaches ranked by people affected


Most common breaches by type

  • Electronic medical record breaches affected the most people in October 2022. 3,009,038 individuals had their data breached.
  • Network server (EMR) breaches were the second most common breach, with 1,981,877 people affected.
  • Email breaches affected 677,050 people, the third most common breach type.


HIPAA breaches ranked by occurrence


Most common breach types

  • Network server was the most common attack vector in October 2022. There were 42 network server breaches.
  • Email breaches were the second most common attack vector. There were 16 email breaches.
  • Electronic medical record and other portable electronic device breaches were tied for the third most common attack vector, with each garnering four attacks during the month.


Year-over-year comparison

These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports with this month’s report.


HIPAA breaches ranked by people affected


What we observe

  • Network server, electronic medical record and other breaches affected the most people overall across this comparison.
  • With the exception of an outlier in October 2020, email breaches have steadily increased year over year, affecting a total of 1,661,242 people in these months.


HIPAA breaches ranked by occurrence



What we observe

  • Network server and email breach types were the most common attack vectors in this comparison.
  • Network server breaches more than doubled in October 2022 when compared to October 2021.
  • Paper/films breaches have seen a steady decline over this timespan, with only two occurrences in October 2022.



Electronic medical record breaches affected the most people in October 2022. Advocate Aurora Health had the most significant breach that affected 3,000,000 people. SightCare, Inc. had the second-largest breach, which affected 637,999 people.

The yearly comparison shows that network server breaches were the most popular attack vectors for bad actors over the last five October months. Over four million total individuals had their data accessed via 86 network server breaches during this time.


Full data

Click here to view the HHS’ raw data via Google Sheets.


About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in October 2022.


SEE ALSO: HIPAA Compliant Email: The Definitive Guide


Robust inbound email security is a necessity for businesses today. Keeping your email security strategy updated helps ensure the protection of your network.


Start a 14-day free trial of Paubox Email Suite today