More than 2.1 million patients had data exposed in healthcare data breaches reported to the federal government last month.
As of Thursday, HHS' Office for Civil Rights posted 59 data breach reports that healthcare providers, insurers and their business associates had submitted to the agency in October.
In terms of patients affected, that's a 219.6% increase from October 2019, when organizations reported 53 breaches affecting nearly 677,300 patients. But 2.1 million is down from September, when 9.7 million patients had data exposed in a landmark 97 breaches—the highest number reported in a single month since OCR began tracking healthcare data breaches in 2010.
Hacking and IT incidents accounted for more than 70% of breaches reported in October. The remainder resulted from theft, improper disposal and unauthorized access or disclosure.
Luxottica of America, part of Italian eyewear giant Luxottica, reported a massive breach compromising data on more than 829,400 people—nearly 40% of the 2.1 million records reported in October.
The breach is likely linked to a ransomware attack the company reportedly suffered in September. Luxottica did not immediately return a request for comment.
Reports linked to a ransomware attack at software vendor Blackbaud, which drove September's record high, also continued to trickle in throughout October.