Healthcare providers, insurers and their business associates reported 38 breaches affecting nearly 446,000 patients to the federal government last month.
That's down 55.8% from the number of patients affected in breaches reported in April of last year, when organizations reported 50 breaches affecting just over 1 million people, according to data from the HHS' Office for Civil Rights, the agency that maintains the government's database of healthcare breaches.
In March 2020, organizations reported 39 breaches that exposed data on more than 834,000 people.
HHS gives HIPAA-covered entities 60 days from when they discover a breach to notify the department. That means many of the incidents reported to the OCR in April were discovered in February, and may have taken place even earlier—so April numbers likely don't include the recent rise in coronavirus-related cyberattacks that healthcare organizations have reportedly seen.
Two organizations reported incidents that affected more than 100,000 people each, which collectively accounted for roughly half of the 446,000 patients affected in breaches reported last month.