Skip to main content

Theft breaches reported to HHS OCR

A breach categorised as Theft is one HHS OCR recorded under that heading on its HIPAA Breach Reporting Portal. In 2023-10-12 to 2026-06-16 there were 6 such breaches affecting 500+ individuals — 0.8% of all reported breaches, ranking it #3 of 4 types by volume, and affecting 25,044 individuals.

Quick answer

In 2023-10-12 to 2026-06-16, HHS OCR recorded 6 theft breaches of unsecured protected health information affecting 500+ individuals, which is 0.8% of the 726 breaches reported across all types and makes it the #3 most common of 4. These breaches affected 25,044 individuals in total.

6
Reported breaches
25,044
Individuals affected
0.8%
Share of all breaches
4,174
Avg. per breach

Source: U.S. HHS Office for Civil Rights — HIPAA Breach Reporting Portal (HIPAA Cases Currently Under Investigation (breaches affecting 500+ individuals)), under HITECH Act s.13402(e)(4); HIPAA Breach Notification Rule. This is a work of the U.S. federal government in the public domain. Figures are record counts and reported affected-individual totals for 2023-10-12 to 2026-06-16, retrieved 2026-06-27. Presented neutrally; this is statistics, not legal advice.

Recent theft breaches

The 6 most recent breaches of this type in 2023-10-12 to 2026-06-16, exactly as reported to HHS OCR.

DateCovered entity / business associateStateIndividuals
03/16/2026Renovo Chiropractic & WellnessWA538
11/05/2025Tampa Bay Treatment AssociatesFL3,682
03/06/2025SCLARCCA722
02/28/2025East Hawaii Rehab, Inc. DBA Lehua Physical Therapy and RehabHI8,472
02/14/2025Children's Dental Center at Preston Trail, P.C. d/b/a Park Place Pediatric Dentistry (Arlington, TX)TN1,690
06/28/2024Georgia Kidney Associates, Inc.GA9,940

Other breach types

Compare with every other breach type's reported volume in 2023-10-12 to 2026-06-16.

Or return to the US healthcare data breaches hub for the full breakdown by state and the 356,175,086 individuals affected overall.

FAQ

How many theft healthcare breaches were reported to HHS OCR in 2023-10-12 to 2026-06-16?
HHS OCR's portal lists 6 breaches categorised as theft affecting 500 or more individuals in 2023-10-12 to 2026-06-16, collectively affecting 25,044 individuals. That is 0.8% of the 726 breaches reported across all types, ranking theft #3 of 4 categories by volume. Figures are taken directly from the HHS OCR HIPAA Breach Reporting Portal.
What does "Theft" mean on the HHS breach portal?
HHS categorises a breach as Theft when devices or physical records holding unsecured protected health information were stolen — a laptop, phone, backup drive, or paper files. Encrypting devices generally removes them from the "unsecured" definition.
How can a healthcare organization prevent theft breaches?
Because theft accounts for 0.8% of reported breaches in this data, the most effective controls are practical: multi-factor authentication and least-privilege access, prompt patching of internet-facing systems, encryption of protected health information at rest and in transit, tested offline backups, redaction and recipient checks before disclosure, and a rehearsed 60-day breach-response process. A structured compliance audit maps your data flows against the HIPAA Security Rule.

Data retrieved 2026-06-27 · reporting window 2023-10-12 to 2026-06-16.

Harden your data protection before it becomes a breach report

The overwhelming majority of the breaches in this data are hacking/IT incidents and unauthorized access — both reducible with basic access, email and backup controls. GeraCompliance's fixed-scope compliance sprint maps your data flows, hardens the controls behind these breach types, and leaves you with a tested incident-response plan — in days, not months.