Back to news
Cybersecurity Alert
June 19, 2026 by EmailMeNow IT Consulting

Healthcare Data Breach Statistics Updated June 2026 — 772 Large Breaches in 2025, OCR Backlog Grows

HIPAA Journal and HHS OCR data: 220 large breach submissions dated in 2026 affecting 20,317,373 individuals on the live investigation portal, plus OCR backlog context.

Source: HIPAA Journal / HHS Office for Civil Rights

CybersecurityData BreachHealthcareHIPAATexas
Healthcare data breach statistics and HHS OCR breach portal trends

The HIPAA Journal updated its healthcare data breach statistics page on June 19, 2026, drawing on HHS Office for Civil Rights (OCR) data through May 19, 2026. The numbers confirm that healthcare remains one of the most heavily targeted sectors — with mega-breaches driving record victim counts even when incident frequency plateaus.

Read the full statistics:
https://www.hipaajournal.com/healthcare-data-breach-statistics/

Official breach portal:
https://ocrportal.hhs.gov/ocr/breach/breach_report_hip.jsf

HHS OCR Portal: 2026 Submissions

The live HHS OCR breach portal (under-investigation view) currently shows 198 large breach submissions dated in 2026, collectively affecting 18,662,505 individuals (national counts, not state-resident totals). Data is current through June 20, 2026.

Interactive Tracker

HHS OCR Large Healthcare Breaches: 2026 Submissions

HIPAA breach reports with a 2026 submission date, by month

Data current through July 6, 2026
2026 YTD reports 220
Individuals affected 20.3M
Largest report 3.4M
Jan
844.8K
Feb
7.1M
Mar
8.7M
Apr
1.3M
May
797.6K
Jun
1.5M
Jul MTD
8.2K
Show largest 2026 HHS OCR breach reports
Entity Published Individuals affected Sector
TriZetto Provider Solutions Feb 6, 2026 3,433,965 Business Associate
QualDerm Partners, LLC Feb 22, 2026 3,117,874 Healthcare Provider
Nacogdoches Memorial Hospital n Mar 30, 2026 2,507,073 Healthcare Provider
Navia Benefit Solutions, Inc. Mar 18, 2026 2,151,330 Business Associate
New York City Health and Hospitals Corporation Mar 24, 2026 1,800,000 Healthcare Provider

Source: HHS OCR Breach Portal (under-investigation view). Figures are national individuals-affected counts for covered entities; entity state does not equal state-resident totals.

Sources

Key Figures

MetricValue
Large breaches reported in 2025 (500+ individuals)772 (annual record)
Large breaches Jan 1 – Apr 30, 2026252 (9.5% fewer than same period in 2025)
Total large breaches on OCR portal since Oct 20097,670
Open OCR investigations (under or awaiting review)936 (up from 882 in 2024)
Small breaches reported in 2024 (under 500 individuals)74,299

Mega-Breaches Drive Victim Counts

While breach counts grew modestly in recent years, the number of affected individuals spiked because of mega-breaches (1M+ records):

  • Change Healthcare (2024) — estimated 192.7 million individuals (largest healthcare breach on record)
  • Conduent Business Services (2025)62+ million individuals
  • Aflac (2025) — nearly 14 million
  • Episource (2025)6.7+ million

Ransomware and third-party business associate compromises remain the dominant pattern.

OCR Reporting Delays in 2026

HIPAA Journal notes that OCR has been slow to publish new portal entries in 2026, likely due to the 43-day federal government shutdown (October 1 – November 12, 2025). As of June 2026, OCR was still adding breaches attributed to March 2026 — meaning current statistics understate recent activity.

What Texas Healthcare Providers Should Do

  1. Review business associate agreements — ensure breach notification timelines and security exhibit requirements are current.
  2. Maintain a documented HIPAA Security Rule risk analysis — required, not optional.
  3. Test backup and restoration — ransomware recovery depends on offline, immutable backups.
  4. Harden email authentication — BEC and credential theft remain common initial access vectors.
  5. Monitor state AG portals in addition to OCR — Texas and California filings often appear before federal summaries.

See our healthcare AG breach tracker and Texas healthcare breaches for state-level context.


Audit your healthcare organization’s email security.

Run a free scan at audit.emailmenow.com or contact EmailMeNow IT Consulting for HIPAA-aligned security assessments.