Thirty-four separate healthcare breaches occurred in April, affecting 232,060 patient records, according to a Protenus report.
The report, part of the "Protenus Breach Barometer" monthly series, analyzed healthcare breaches reported to HHS or disclosed to the media during April 2017.
Here are five things to know.
1. The largest single breach involved 93,323 patient records. The organization reported this breach to HHS as a "hacking/IT event."
2. The plurality of breaches (47 percent) were caused by hacking. Others resulted from insiders (29 percent) and loss or theft (15 percent).
3. Healthcare providers represented 27 of the data breaches in April, 79.41 percent of the total. Health plans reported two incidents, and business associates or third parties reported two incidents.
4. Of the incidents for which Protenus had relevant data, 66 percent of organizations reported their breach to HHS within the required 60 days.
Healthcare organizations took an average of 59 days from the time they discovered a breach to report it to HHS in April. In March, healthcare organizations waited an average of 45 days to report a breach after first discovering it, and in February, an average of 478 days.
5. This quicker reporting period may be attributed to a new policy HHS launched last month, under which the department fines healthcare organizations that don't report breaches within 60 days, Protenus hypothesized.
"April is the second month in which there seems to be noticeable improvement in the time it takes for healthcare organizations to report their breaches to HHS," the report states. "It begs one to ask if healthcare organizations are becoming more diligent in responding and reporting breaches to patient data as a result of this regulatory scrutiny."
Click here to view the full report.