1.5 million patients' data exposed in September-reported healthcare breaches

Nearly 1.5 million people had data exposed in healthcare breaches reported to the federal government last month.

That's more than double the roughly 730,000 people who had data compromised in healthcare breaches reported the month prior.

In September, providers, health plans and their business associates reported 29 data breaches to HHS' Office for Civil Rights, the agency that maintains the government's database of healthcare breaches. Though fewer people had data compromised in August-reported breaches, there were more overall breach incidents at 49.

Three of the data breaches reported to the OCR in September affected more than 100,000 people each.

Women's Care Florida, an OB-GYN practice, reported a data breach of 528,000 patients to the OCR. The data breach took place at North Florida OB-GYN, a women's health practice that had joined Women's Care Florida in May, and involved an unauthorized user encrypting files on the provider's computer systems, according to a notice posted online.

North Florida OB-GYN discovered the breach in July, but suspects the hacker may have begun accessing its computer systems as early as April.

HHS gives HIPAA-covered entities 60 days from when they discover a breach to notify the department. Women's Care Florida reported the data breach to the OCR on Sept. 25.

North Florida OB-GYN said it has decrypted or recovered "virtually all" of the affected files since discovering the incident.

The two other major breaches reported in September involved ransomware attacks at Sarrell Dental in Alabama and Premier Family Medical in Utah, which compromised the data of 391,000 and 320,000 patients, respectively.

Hacking and IT incidents, like the ones at Women's Care Florida, Sarrell Dental and Premier Family Medical, accounted for 62% of data breaches reported in September. The remaining data breaches resulted from theft, unauthorized access or unauthorized disclosure of patient records.