HIPAA Breach Report for September 2021

by Hannah Trum Senior Marketing Specialist


The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health & Human Services (HHS) in August 2021.

This report will cover:

HIPAA breaches ranked by people affected

Graph of HIPAA breaches ranked by people affected in September 2021

Most common breaches by type

  • Network server affected the most people in August 2021. 4,536,149 individuals had their data breached.
  • Email breaches were the second most common, with 339,280 people affected.
  • Electronic medical record breaches affected 10,885 people, the third most common breach type.

HIPAA breaches by occurrence

Graph of HIPAA breaches ranked by occurrence in September 2021

Most common breach types

  • Network servers were the most common attack vector in August 2021. There were 14 network server breaches.
  • Email breaches were the second most common attack vector; thirteen attacks via email were reported.
  • Electronic medical record breaches were reported twice last month.


Network server breaches affected the most people and were the most common breach type for the third month in a row.

St. Joseph’s/Candler Health System, Inc. had the largest breach affecting 1,400,000 people. University Medical Center Southern Nevada had the second-largest breach affected 1,300,000 people. Both breaches occurred via a network server.

Full data

Click here to view the HHS’ raw data via Google Sheets.

RELATED: Google and HIPAA compliance: the ultimate guide

About the Paubox HIPAA Breach Report

The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in August 2021.

SEE ALSO: HIPAA compliant email: the definitive guide