Skip to main content

Improper Disposal breaches reported to HHS OCR

A breach categorised as Improper Disposal is one HHS OCR recorded under that heading on its HIPAA Breach Reporting Portal. In 2023-10-12 to 2026-06-16 there were 1 such breaches affecting 500+ individuals — 0.1% of all reported breaches, ranking it #4 of 4 types by volume, and affecting 34,675 individuals.

Quick answer

In 2023-10-12 to 2026-06-16, HHS OCR recorded 1 improper disposal breaches of unsecured protected health information affecting 500+ individuals, which is 0.1% of the 726 breaches reported across all types and makes it the #4 most common of 4. These breaches affected 34,675 individuals in total.

1
Reported breaches
34,675
Individuals affected
0.1%
Share of all breaches
34,675
Avg. per breach

Source: U.S. HHS Office for Civil Rights — HIPAA Breach Reporting Portal (HIPAA Cases Currently Under Investigation (breaches affecting 500+ individuals)), under HITECH Act s.13402(e)(4); HIPAA Breach Notification Rule. This is a work of the U.S. federal government in the public domain. Figures are record counts and reported affected-individual totals for 2023-10-12 to 2026-06-16, retrieved 2026-06-27. Presented neutrally; this is statistics, not legal advice.

Recent improper disposal breaches

The 1 most recent breaches of this type in 2023-10-12 to 2026-06-16, exactly as reported to HHS OCR.

DateCovered entity / business associateStateIndividuals
05/02/2025Anesthesia Associates of Morristown, P.A.NJ34,675

Other breach types

Compare with every other breach type's reported volume in 2023-10-12 to 2026-06-16.

Or return to the US healthcare data breaches hub for the full breakdown by state and the 356,175,086 individuals affected overall.

FAQ

How many improper disposal healthcare breaches were reported to HHS OCR in 2023-10-12 to 2026-06-16?
HHS OCR's portal lists 1 breaches categorised as improper disposal affecting 500 or more individuals in 2023-10-12 to 2026-06-16, collectively affecting 34,675 individuals. That is 0.1% of the 726 breaches reported across all types, ranking improper disposal #4 of 4 categories by volume. Figures are taken directly from the HHS OCR HIPAA Breach Reporting Portal.
What does "Improper Disposal" mean on the HHS breach portal?
HHS categorises a breach as Improper Disposal when protected health information was not securely destroyed before disposal — paper records left intact or storage media that was not wiped. It is a small but entirely preventable category.
How can a healthcare organization prevent improper disposal breaches?
Because improper disposal accounts for 0.1% of reported breaches in this data, the most effective controls are practical: multi-factor authentication and least-privilege access, prompt patching of internet-facing systems, encryption of protected health information at rest and in transit, tested offline backups, redaction and recipient checks before disclosure, and a rehearsed 60-day breach-response process. A structured compliance audit maps your data flows against the HIPAA Security Rule.

Data retrieved 2026-06-27 · reporting window 2023-10-12 to 2026-06-16.

Harden your data protection before it becomes a breach report

The overwhelming majority of the breaches in this data are hacking/IT incidents and unauthorized access — both reducible with basic access, email and backup controls. GeraCompliance's fixed-scope compliance sprint maps your data flows, hardens the controls behind these breach types, and leaves you with a tested incident-response plan — in days, not months.