Back to news
Cybersecurity Alert
June 14, 2026 by EmailMeNow IT Consulting

Healthcare Data Breaches Across State AG Portals: 2026 Tracker

Texas, Washington, and California AG breach data show 251 healthcare-related notices in 2026 YTD (186 TX, 24 WA, 41 CA list-only), affecting millions where resident counts are published. Cross-state tracker with dashboards and named providers.

Source: State Attorney General Breach Portals

Multi-StateHealthcareHIPAAData BreachTexasWashingtonCaliforniaState AG
Healthcare data breach tracker across Texas, Washington, and California state AG portals in 2026

Healthcare organizations dominate state Attorney General breach filings. Filtering 2026 notices that list medical or health-insurance information shows 165 reports in Texas affecting 16,152,032 Texans and 21 reports in Washington affecting 107,672 Washingtonians — before counting California list entries that do not publish resident totals (40 likely healthcare entities on the California AG list in 2026).

National vendors and regional clinics appear on multiple state portals. Conduent Business Services, Texas Tech University Health Sciences Center, Episource, and TriZetto Provider Solutions lead Texas; Mt. Spokane Pediatrics, OpenLoop Health, and WellPoint (Elevance Health) lead Washington.

Texas Healthcare Breaches (2026)

Interactive Tracker

Texas Healthcare Breaches: 2026 OAG Reports

Texans affected by 2026 breaches exposing medical or health-insurance data, by month

Data current through Jul 3, 2026
2026 YTD reports 186
Texans affected 16.6M
Largest report 12.8M
Jan
130.1K
Feb
596K
Mar
758.6K
Apr
928.5K
May
13.2M
Jun
909.9K
Jul MTD
9.2K
Show largest 2026 healthcare breach reports
Entity Published Texans affected Sector
Conduent Business Services, LLC (revised submission) May 20, 2026 12,784,367 Healthcare / Medical
Texas Tech University Health Sciences Center Apr 27, 2026 738,506 Healthcare / Medical
Episource, LLC Feb 11, 2026 351,562 Healthcare / Medical
TriZetto Provider Solutions Jun 2, 2026 312,562 Healthcare / Medical
Medtronic Inc. Jun 30, 2026 297,307 Healthcare / Medical

Source: Texas OAG Data Security Breach Reports, filtered to 2026 notices listing medical or health-insurance information. Data current through Jul 3, 2026. Totals may change as the OAG updates the portal.

Sources

State AG breach portals

State AG reporting & notices

Largest Texas Healthcare Notices

OrganizationTexans AffectedDate Published
Conduent Business Services, LLC (revised submission)12,784,367May 20, 2026
Texas Tech University Health Sciences Center738,506Apr 27, 2026
Episource, LLC351,562Feb 11, 2026
TriZetto Provider Solutions312,562Jun 2, 2026
Medtronic Inc.297,307Jun 30, 2026

Washington Healthcare Breaches (2026)

Interactive Tracker

Washington Healthcare Breaches: 2026 AG Reports

Washingtonians affected by 2026 breaches exposing medical or health-insurance data, by month

Data current through Jun 19, 2026
2026 YTD reports 24
Washingtonians affected 147.1K
Largest report 29.4K
Mar
20K
Apr
58.8K
May
16.9K
Jun
51.4K
Show largest 2026 Washington healthcare breach reports
Entity Published Washingtonians affected Sector
Mt. Spokane Pediatrics Apr 30, 2026 29,410 Healthcare / Medical
Xsolis, Inc. Jun 19, 2026 24,711 Healthcare / Medical
OpenLoop Health Inc. Mar 27, 2026 19,980 Healthcare / Medical
WellPoint (Independent Clinics of Washington, Elevance Health) Jun 2, 2026 12,017 Healthcare / Medical
Bayside Dental Apr 17, 2026 9,683 Healthcare / Medical

Source: Washington State Attorney General - Data Breach Notifications, industry-filtered. Data current through Jun 19, 2026.

Sources

Largest Washington Healthcare Notices

OrganizationWashingtonians AffectedDate Published
Mt. Spokane Pediatrics29,410Apr 30, 2026
Xsolis, Inc.24,711Jun 19, 2026
OpenLoop Health Inc.19,980Mar 27, 2026
WellPoint (Independent Clinics of Washington, Elevance Health)12,017Jun 2, 2026
Bayside Dental9,683Apr 17, 2026

HHS OCR Large Breaches (2026 Submissions)

Federal HHS OCR submissions dated in 2026 currently list 220 large breaches on the live under-investigation portal, affecting 20,317,373 individuals nationally (not state-resident totals). Current through July 6, 2026.

Interactive Tracker

HHS OCR Large Healthcare Breaches: 2026 Submissions

HIPAA breach reports with a 2026 submission date, by month

Data current through July 6, 2026
2026 YTD reports 220
Individuals affected 20.3M
Largest report 3.4M
Jan
844.8K
Feb
7.1M
Mar
8.7M
Apr
1.3M
May
797.6K
Jun
1.5M
Jul MTD
8.2K
Show largest 2026 HHS OCR breach reports
Entity Published Individuals affected Sector
TriZetto Provider Solutions Feb 6, 2026 3,433,965 Business Associate
QualDerm Partners, LLC Feb 22, 2026 3,117,874 Healthcare Provider
Nacogdoches Memorial Hospital n Mar 30, 2026 2,507,073 Healthcare Provider
Navia Benefit Solutions, Inc. Mar 18, 2026 2,151,330 Business Associate
New York City Health and Hospitals Corporation Mar 24, 2026 1,800,000 Healthcare Provider

Source: HHS OCR Breach Portal (under-investigation view). Figures are national individuals-affected counts for covered entities; entity state does not equal state-resident totals.

Sources

California AG List (No Affected Counts)

California publishes incident names without resident totals.

List-Only Tracker

California Healthcare Breaches: 2026 AG List

Likely healthcare entities on the California AG data breach list, by month — California does not publish residents-affected counts

Data current through Jun 12, 2026
2026 YTD reports 41
Entities listed 41
Jan
17 reports
Feb
5 reports
Mar
7 reports
Apr
6 reports
May
3 reports
Jun
3 reports
Show all 2026 California healthcare list entries
Entity Published
Virta Medical PC Jun 12, 2026
Clinical Registry Solutions Jun 11, 2026
Ultrahuman Healthcare Private Limited Jun 5, 2026
Southern California University of Health Sciences May 19, 2026
Family Health Centers of San Diego May 12, 2026
Sanger Skilled Care, LLC dba Cornerstone Care Center May 7, 2026
L.A. Care Health Plan Apr 27, 2026
Conduent Business Services, LLC Apr 27, 2026
Texas Tech University Health Sciences Center Apr 24, 2026
City Health, a medical corporation Apr 14, 2026
Pediatric Products, LLC Apr 14, 2026
CardioFit Medical Group, Inc. Apr 9, 2026
Nephrology Associates Medical Group Mar 26, 2026
Conduent Business Services, LLC Mar 24, 2026
Stockton Cardiology Medical Group Mar 20, 2026
Northwest Medical Homes, LLC Mar 5, 2026
Tieu Dental Corporation Mar 5, 2026
Palo Verde Hospital Mar 2, 2026
Valley Radiology Consultants Medical Group Mar 2, 2026
Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group Feb 24, 2026
North East Medical Services Feb 18, 2026
AltaMed Health Services Corporation Feb 12, 2026
TriZetto Provider Solutions Feb 11, 2026
Episource, LLC Feb 9, 2026
Conduent Business Services, LLC Jan 30, 2026
Native American Health Center Jan 28, 2026
Brown & Toland Physicians Jan 26, 2026
Petaluma Health Center Jan 20, 2026
Winters Healthcare Jan 20, 2026
Indian Health Center of Santa Clara Valley Jan 16, 2026
La Clinica de La Raza, Inc. Jan 15, 2026
LifeLong Medical Care Jan 14, 2026
Asian and Pacific Islander Wellness Center, Inc. dba San Francisco Community Health Center Jan 9, 2026
Harmony Health Medical Clinic and Family Resource Center Jan 8, 2026
Open Door Community Health Centers Jan 8, 2026
Mission Neighborhood Health Center Jan 7, 2026
CE-Edinger Medical Group BA - TriZetto TPS Jan 7, 2026
Native American Health Center Jan 6, 2026
Imperial Beach Community Clinic (“IB Clinic”) Jan 6, 2026
Santa Rosa Community Health Centers Jan 5, 2026
Conduent Business Services, LLC Jan 2, 2026

Source: California Attorney General - Data Breach List, filtered to likely healthcare providers, clinics, payers, and medical vendors. California does not publish residents-affected counts.

Sources

State AG breach portals

See our California AG breach tracker for full incident monitoring.

Why Email Security Matters

Many healthcare breaches begin with phishing or compromised email accounts. The HIPAA Security Rule requires documented safeguards for ePHI in transit — areas our audit scores directly.

Check any practice’s posture at audit.emailmenow.com/?industry=healthcare-practices.

Recommendations

  • Enforce DMARC, strict SPF, and DKIM; add MTA-STS where feasible.
  • Complete and document a HIPAA security risk analysis.
  • Train staff and oversee Business Associate vendors.