HIPAA Security Breach Scraper

Scrape the HHS HIPAA Breach Portal (the "Wall of Shame") for healthcare companies that experienced data breaches affecting 500+ individuals.

Returns structured data with breach severity scoring and optional company size enrichment via Apollo.

What it does

The U.S. Department of Health and Human Services is required by law to publicly list every healthcare data breach affecting 500+ individuals. This scraper extracts that data and enriches it for sales and security intelligence.

For each breach, you get:

• Company name, state, and entity type
• Number of individuals affected
• Breach date and days since breach
• Breach type (Hacking/IT Incident, Unauthorized Access, Theft, etc.)
• Location of breached information (Network Server, Email, Paper, etc.)
• Breach severity score (critical / high / medium / low)
• Company size via Apollo enrichment (optional)

Use cases

Cybersecurity sales

Companies that just had a data breach are actively buying security solutions. The severity score tells you who to call first — a 600K-record breach reported 3 weeks ago is a critical lead.

Compliance consulting

Healthcare organizations under investigation need compliance help. Filter by state to find companies in your region that need HIPAA remediation.

Insurance and risk assessment

Track breach patterns by entity type, state, and breach method. Understand which organizations are most at risk.

Competitive intelligence

Monitor which business associates (vendors) are getting breached. If your competitor's vendor just leaked 500K records, that's an opportunity.

Market research

Analyze breach trends over time — which states, which breach types, which entity types are most affected.

Input

Field	Type	Default	Description
reportType	select	under_investigation	Which reports: Under Investigation (last 24 months), Archive (older), or Both
minIndividuals	integer	500	Only include breaches affecting at least this many individuals
stateFilter	string	(all)	Filter by US state abbreviation (e.g., CA, NY, TX)
maxResults	integer	500	Maximum number of records to return
apolloApiKey	string	(none)	Apollo.io API key for company size enrichment (free tier works)

Output example

{
  "company_name": "ApolloMD Business Services, LLC",
  "state": "GA",
  "entity_type": "Business Associate",
  "individuals_affected": 626540,
  "breach_date": "2026-02-10",
  "days_since_breach": 25,
  "breach_type": "Hacking/IT Incident",
  "breach_location": "Network Server",
  "breach_severity": "critical",
  "report_type": "under_investigation",
  "company_size": "201-500",
  "company_domain": "apollomd.com",
  "employee_count": 350
}

Severity scoring

Severity is calculated from three factors:

Factor	Points	Criteria
Scale	5-40	500→5, 1K→10, 10K→20, 100K→30, 500K+→40
Recency	5-40	365d+→5, 180d→10, 90d→20, 30d→30, <30d→40
Breach type	5-20	Other→5, Loss→8, Theft→12, Unauthorized→15, Hacking→20

Score → severity: 70+ = critical, 50+ = high, 30+ = medium, <30 = low

Data source

HHS Breach Portal — maintained by the U.S. Department of Health and Human Services, Office for Civil Rights. Updated as new breaches are reported.

---

Built by Connector OS — the market interpretation engine for deal brokers and strategic connectors. Feed this dataset into Connector OS to automatically match breached companies with cybersecurity vendors in your network.