As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of data breaches of unsecured protected health information affecting 500 or more individuals.
The following link lists data breaches reported to the Secretary:
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
