More than 4.2 million patients had data exposed in healthcare data breaches reported to the federal government last month.
As of Jan. 13, HHS' Office for Civil Rights posted 58 breach reports that healthcare providers, insurers and their business associates had submitted to the agency in December. That rounded out 2020 with 641 reports in total, marking the most breaches reported in a single year since OCR began maintaining its database in 2010.
In terms of patients affected, December represented a 955.6% increase from December 2019, when organizations reported 41 breaches affecting nearly 398,000 patients. The 4.2 million figure is also a massive jump month-over-month from November 2020 when 1.2 million patients had data exposed in 49 breaches.
December marks the second-highest month in 2020 based on the number of patients with data exposed in breaches, second to September, when 9.9 million patients had data affected.
The two largest breaches reported in December affected roughly 1 million patients each, ranking them as the first- and third-biggest breaches for 2020 as a whole.
HHS gives HIPAA-covered entities 60 days from when they discover a breach to notify the department, so many of the incidents reported to OCR in December were discovered in October and may have taken place even earlier.