In the first month of 2021, healthcare providers, insurers and their business associates reported nearly 958,000 patient records breached.
The largest breach reported in January affected roughly 640,000 patients at Abilene, Texas-based Hendrick Health.
Last year's largest breach compromised data on nearly 1.3 million patients.
Hendrick Health on Jan. 15 reported that a hacker may have accessed patient data on the system's network between Oct. 10 and Nov. 9. The incident, which led Hendrick Health to shut down IT networks in November, may have exposed patient names, Social Security numbers and demographic information, according to a notice posted on the system's website.
HHS gives HIPAA-covered entities 60 days from when they discover a breach to notify the department, so many of the incidents reported to OCR in January were discovered in November and may have taken place even earlier.