Healthcare organizations dominate state Attorney General breach filings. Filtering 2026 notices that list medical or health-insurance information shows 165 reports in Texas affecting 16,152,032 Texans and 21 reports in Washington affecting 107,672 Washingtonians — before counting California list entries that do not publish resident totals (40 likely healthcare entities on the California AG list in 2026).
National vendors and regional clinics appear on multiple state portals. Conduent Business Services, Texas Tech University Health Sciences Center, Episource, and TriZetto Provider Solutions lead Texas; Mt. Spokane Pediatrics, OpenLoop Health, and WellPoint (Elevance Health) lead Washington.
Texas Healthcare Breaches (2026)
Interactive Tracker
Texas Healthcare Breaches: 2026 OAG Reports
Texans affected by 2026 breaches exposing medical or health-insurance data, by month
Show largest 2026 healthcare breach reports
| Entity | Published | Texans affected | Sector |
|---|---|---|---|
| Conduent Business Services, LLC (revised submission) | May 20, 2026 | 12,784,367 | Healthcare / Medical |
| Texas Tech University Health Sciences Center | Apr 27, 2026 | 738,506 | Healthcare / Medical |
| Episource, LLC | Feb 11, 2026 | 351,562 | Healthcare / Medical |
| TriZetto Provider Solutions | Jun 2, 2026 | 312,562 | Healthcare / Medical |
| Medtronic Inc. | Jun 30, 2026 | 297,307 | Healthcare / Medical |
Source: Texas OAG Data Security Breach Reports, filtered to 2026 notices listing medical or health-insurance information. Data current through Jul 3, 2026. Totals may change as the OAG updates the portal.
Sources
State AG breach portals
State AG reporting & notices
Largest Texas Healthcare Notices
| Organization | Texans Affected | Date Published |
|---|---|---|
| Conduent Business Services, LLC (revised submission) | 12,784,367 | May 20, 2026 |
| Texas Tech University Health Sciences Center | 738,506 | Apr 27, 2026 |
| Episource, LLC | 351,562 | Feb 11, 2026 |
| TriZetto Provider Solutions | 312,562 | Jun 2, 2026 |
| Medtronic Inc. | 297,307 | Jun 30, 2026 |
Washington Healthcare Breaches (2026)
Interactive Tracker
Washington Healthcare Breaches: 2026 AG Reports
Washingtonians affected by 2026 breaches exposing medical or health-insurance data, by month
Show largest 2026 Washington healthcare breach reports
| Entity | Published | Washingtonians affected | Sector |
|---|---|---|---|
| Mt. Spokane Pediatrics | Apr 30, 2026 | 29,410 | Healthcare / Medical |
| Xsolis, Inc. | Jun 19, 2026 | 24,711 | Healthcare / Medical |
| OpenLoop Health Inc. | Mar 27, 2026 | 19,980 | Healthcare / Medical |
| WellPoint (Independent Clinics of Washington, Elevance Health) | Jun 2, 2026 | 12,017 | Healthcare / Medical |
| Bayside Dental | Apr 17, 2026 | 9,683 | Healthcare / Medical |
Source: Washington State Attorney General - Data Breach Notifications, industry-filtered. Data current through Jun 19, 2026.
Sources
State AG breach portals
Largest Washington Healthcare Notices
| Organization | Washingtonians Affected | Date Published |
|---|---|---|
| Mt. Spokane Pediatrics | 29,410 | Apr 30, 2026 |
| Xsolis, Inc. | 24,711 | Jun 19, 2026 |
| OpenLoop Health Inc. | 19,980 | Mar 27, 2026 |
| WellPoint (Independent Clinics of Washington, Elevance Health) | 12,017 | Jun 2, 2026 |
| Bayside Dental | 9,683 | Apr 17, 2026 |
HHS OCR Large Breaches (2026 Submissions)
Federal HHS OCR submissions dated in 2026 currently list 220 large breaches on the live under-investigation portal, affecting 20,317,373 individuals nationally (not state-resident totals). Current through July 6, 2026.
Interactive Tracker
HHS OCR Large Healthcare Breaches: 2026 Submissions
HIPAA breach reports with a 2026 submission date, by month
Show largest 2026 HHS OCR breach reports
| Entity | Published | Individuals affected | Sector |
|---|---|---|---|
| TriZetto Provider Solutions | Feb 6, 2026 | 3,433,965 | Business Associate |
| QualDerm Partners, LLC | Feb 22, 2026 | 3,117,874 | Healthcare Provider |
| Nacogdoches Memorial Hospital n | Mar 30, 2026 | 2,507,073 | Healthcare Provider |
| Navia Benefit Solutions, Inc. | Mar 18, 2026 | 2,151,330 | Business Associate |
| New York City Health and Hospitals Corporation | Mar 24, 2026 | 1,800,000 | Healthcare Provider |
Source: HHS OCR Breach Portal (under-investigation view). Figures are national individuals-affected counts for covered entities; entity state does not equal state-resident totals.
Sources
State AG breach portals
State AG reporting & notices
Federal registries
Breach databases & aggregators
News & analysis
California AG List (No Affected Counts)
California publishes incident names without resident totals.
List-Only Tracker
California Healthcare Breaches: 2026 AG List
Likely healthcare entities on the California AG data breach list, by month — California does not publish residents-affected counts
Show all 2026 California healthcare list entries
| Entity | Published |
|---|---|
| Virta Medical PC | Jun 12, 2026 |
| Clinical Registry Solutions | Jun 11, 2026 |
| Ultrahuman Healthcare Private Limited | Jun 5, 2026 |
| Southern California University of Health Sciences | May 19, 2026 |
| Family Health Centers of San Diego | May 12, 2026 |
| Sanger Skilled Care, LLC dba Cornerstone Care Center | May 7, 2026 |
| L.A. Care Health Plan | Apr 27, 2026 |
| Conduent Business Services, LLC | Apr 27, 2026 |
| Texas Tech University Health Sciences Center | Apr 24, 2026 |
| City Health, a medical corporation | Apr 14, 2026 |
| Pediatric Products, LLC | Apr 14, 2026 |
| CardioFit Medical Group, Inc. | Apr 9, 2026 |
| Nephrology Associates Medical Group | Mar 26, 2026 |
| Conduent Business Services, LLC | Mar 24, 2026 |
| Stockton Cardiology Medical Group | Mar 20, 2026 |
| Northwest Medical Homes, LLC | Mar 5, 2026 |
| Tieu Dental Corporation | Mar 5, 2026 |
| Palo Verde Hospital | Mar 2, 2026 |
| Valley Radiology Consultants Medical Group | Mar 2, 2026 |
| Couve Healthcare Consulting, LLC DBA Evergreen Healthcare Group | Feb 24, 2026 |
| North East Medical Services | Feb 18, 2026 |
| AltaMed Health Services Corporation | Feb 12, 2026 |
| TriZetto Provider Solutions | Feb 11, 2026 |
| Episource, LLC | Feb 9, 2026 |
| Conduent Business Services, LLC | Jan 30, 2026 |
| Native American Health Center | Jan 28, 2026 |
| Brown & Toland Physicians | Jan 26, 2026 |
| Petaluma Health Center | Jan 20, 2026 |
| Winters Healthcare | Jan 20, 2026 |
| Indian Health Center of Santa Clara Valley | Jan 16, 2026 |
| La Clinica de La Raza, Inc. | Jan 15, 2026 |
| LifeLong Medical Care | Jan 14, 2026 |
| Asian and Pacific Islander Wellness Center, Inc. dba San Francisco Community Health Center | Jan 9, 2026 |
| Harmony Health Medical Clinic and Family Resource Center | Jan 8, 2026 |
| Open Door Community Health Centers | Jan 8, 2026 |
| Mission Neighborhood Health Center | Jan 7, 2026 |
| CE-Edinger Medical Group BA - TriZetto TPS | Jan 7, 2026 |
| Native American Health Center | Jan 6, 2026 |
| Imperial Beach Community Clinic (“IB Clinic”) | Jan 6, 2026 |
| Santa Rosa Community Health Centers | Jan 5, 2026 |
| Conduent Business Services, LLC | Jan 2, 2026 |
Source: California Attorney General - Data Breach List, filtered to likely healthcare providers, clinics, payers, and medical vendors. California does not publish residents-affected counts.
Sources
State AG breach portals
See our California AG breach tracker for full incident monitoring.
Why Email Security Matters
Many healthcare breaches begin with phishing or compromised email accounts. The HIPAA Security Rule requires documented safeguards for ePHI in transit — areas our audit scores directly.
Check any practice’s posture at audit.emailmenow.com/?industry=healthcare-practices.
Recommendations
- Enforce DMARC, strict SPF, and DKIM; add MTA-STS where feasible.
- Complete and document a HIPAA security risk analysis.
- Train staff and oversee Business Associate vendors.
Related trackers
- Texas healthcare breaches (2026)
- Washington healthcare breaches (2026)
- Texas OAG YTD dashboard
- HIPAA / HHS OCR statistics
- Law firm breach tracker
- Washington law firm breaches (2026)
- CA June roundup
- TX July roundup
- WA May roundup
- TX Parks breach
- Have I Been Pwned
- HIBP July roundup
- Monitoring guide
- All trackers