Talk to sales
Start for free

The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health & Human Services (HHS) in September 2022.

This report will cover:

  • HIPAA breaches ranked by people affected
  • HIPAA breaches ranked by occurrence
  • Year over year comparison
  • Takeaways
  • Full data


HIPAA breaches ranked by people affected


Most common breaches by type

  • Network server breaches affected the most people in September 2022. 1,549,809 individuals had their data breached.
  • Electronic medical record (EMR) breaches were the second most common breach, with 591,723 people affected.
  • Email breaches affected 258,176 people, the third most common breach type.


HIPAA breaches by occurrence


Most common breach types

  • Network server was the most common attack vector in September 2022. There were 37 network server breaches.
  • Electronic medical record and email breaches were tied for the second most common attack vector, with each garnering 6 attacks during the month.
  • Other portable electronic device breaches were reported 3 times last month.


Year over year comparison

These charts compare the numbers reported in previous Paubox HIPAA Breach Reports with this month’s report.


HIPAA breaches ranked by people affected


What we observe

  • Network server, email, and laptop breaches affected most people overall in February 2018 – 2022.
  • Network server breaches affected a total of 3,390,809 people in these months.
  • Email breaches affected 1,431,222 people, and laptop breaches affected 657,655.


HIPAA breaches ranked by occurrence


What we observe

  • Network server, email and desktop breaches affected the most people overall across this comparison.
  • While desktop breaches had been steadily increasing over the past 3 years, they experienced a sharp decline in September 2022.
  • With the exception of an outlier in September 2020, email breaches have steadily increased year over year, affecting a total of 1,163,461 people in these months.



Network server breaches affected the most people in September 2022. Wolfe Clinic, P.C. had the most significant breach that affected 542,776 people. Empress Ambulance Service LLC had the second-largest breach, which affected 318,558 people.

The yearly comparison shows that network server breaches were the most popular attack vectors for bad actors over the last five September months. Over 1 million total individuals had their data accessed via 37 network server breaches during this time.



Full data

Click here to view the HHS’ raw data via Google Sheets.


About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in 2022.

SEE ALSO: HIPAA compliant email: the definitive guide


Start a 14-day free trial of Paubox Email Suite today