Unfortunately, September was another banner month for data breaches involving the health care industry. According to the Office for Civil Rights (OCR) website, 39 data breaches involving over 500 records were reported to the OCR in the month of September. This does not include all records breached, as health care entities have until February 2018 to notify the OCR of breaches involving less than 500 records.

Hacking continues to be an issue for health care entities, as two-thirds of the reported breaches involved hacking/IT incidents, exposing 363,364 records. The largest reported breach involved ransomware and affected 128,000 records. Health care providers in Texas suffered the most breaches in September—4 of the 39 were located in Texas.

The grand total of health care records (only accounting for breaches over 500 records) exposed or compromised as of September 2018 is 4,601,097.