PrivacySignal
Breach

May 2026 Healthcare Data Breach Report

HIPAA Journal · · US Federal · Data Breaches

According to data from the HHS Office for Civil Rights breach portal, 61 healthcare data breaches were reported in May 2026, as tracked in the HIPAA Journal's monthly analysis. The report reflects ongoing disclosure activity logged by the federal agency responsible for HIPAA enforcement.

Why this matters: Sixty-one breaches in a single month means tens of thousands of people likely had their most sensitive records exposed — diagnoses, prescriptions, mental health histories, insurance details. Healthcare data does not expire. It can be used years later to discriminate, defraud, or embarrass. The HHS breach portal exists so there is at least some public record of who got hit and when. But disclosure is not the same as accountability. Most people whose records are exposed never hear about it in time to do anything useful.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Breach
HIPAA Journal · · US Federal

Lucent Health Solutions to Pay Up to 1.95M to Settle Data Breach Litigation

Lucent Health Solutions, a Tennessee-based health plan administrator, has agreed to pay up to $1.95 million to settle a class action lawsuit stemming from a data breach. The settlement resolves litigation brought against the company over its handling of protected health information.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

#breach#enforcement#healthcare Read original →
Breach
Military Times · · US Federal

Nearly 12,000 military Tricare beneficiaries warned of data breach

TriWest Healthcare Alliance has notified nearly 12,000 military Tricare beneficiaries that their protected health information may have been exposed in a data breach. The notification indicates the incident was significant enough to trigger formal disclosure requirements under federal health privacy rules.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach#healthcare Read original →
Breach
Microsoft Threat Intelligence · · International

Defending SaaS-based applications against ShinyHunters OAuth abuse

Microsoft Threat Intelligence identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-based applications. The post Defending SaaS-based applications against ShinyHunters OAuth abuse appeared first on Microsoft Security Blog.

Who should care: Cybersecurity · Privacy officers · Administrators

#breach#security Read original →