The Paubox HIPAA Breach Report analyzes protected health information (PHI) breaches affecting 500 or more people as reported to the Department of Health & Human Services (HHS) in March 2022.
This report covers:
- HIPAA breaches ranked by people affected
- HIPAA breaches ranked by occurrence
- Year over year comparison
- Takeaways
- Full data
HIPAA breaches ranked by people affected
Most common breaches by type
- Network server breaches affected the most people in March 2022. 1,555,025 individuals had their data breached.
- Email breaches were the second most common breach, with 108,461 people affected.
- Paper/films breaches affected 1,682 breaches, the third most common breach type.
HIPAA breaches by occurrence
Most common breach types
- Network server was the most common attack vector in March 2022. There were 22 network server breaches.
- Email breaches were the second most common attack vector; eight attacks via email were reported.
- Electronic medical record and paper/films breaches were each reported once last month.
Year over year comparison
These charts compare the HIPAA data breach statistics from previous Paubox HIPAA Breach Reports (April 2018, April 2019, April 2020, April 2021) with this month’s report.
HIPAA breaches ranked by people affected
What we observe
- Network server, email, and electronic medical record breaches affected most people overall in March 2018 – 2022.
- Network server breaches affected a total of 4,326,669 people in these months.
- Email breaches affected 1,428,369 people, and electronic medical record breaches affected 152,207.
HIPAA breaches ranked by occurrence
What we observe
- Network server, email, and paper/films breach types were the most common attack vectors in March 2018-2022.
- Network server breaches occurred 75 total times.
- Email breaches occurred a total of 50 times, and paper/films types occurred 19 times.
- The most significant number of email breaches happened in March 2021.
Takeaways
Network server breaches affected the most people in March 2022. South Denver Cardiology Associates, PC had the most significant breach that affected 287,652 people. Clinic of North Texas, LLP had the second-largest breach that affected 244,174 people.
The yearly comparison shows that network server breaches were the most popular attack vectors for bad actors over the last five March months. Over 1 million total individuals had their data breached via 75 network server breaches during this time.
Full data
Click here to view the HHS’ raw data via Google Sheets.
About the Paubox HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes recent PHI breaches that affected 500 or more individuals, as reported on the HHS Wall of Shame in March 2022.