The number of patient health information breaches was down again in October for the second month in a row, but swaths of patient data have been irrevocably lost.

That’s according to the Protenus Breach Barometer, which measures how many security breaches are recorded on a monthly basis. In October, 35 breaches were reported to HHS or disclosed via media outlets, according to the blog post, which was down from 37 in September and a record 42 breaches in August for the year. This led to more than 776,000 patient health records being stolen, according to the article.

The price of medical records on the dark web has dropped considerably, according to the article, which may have decreased the incentive for hackers and malevolent agents to breach security systems and obtain patients’ health information.

In October, 44 percent of the data breaches stemmed from hacking, malware and ransomware agents. Another 37 percent of breaches originated from insiders with access to the records. Loss and theft accounted for 6 percent of the breaches, and the causes for the remaining 17 percent of breach events were unknown, according to the post.

The number of breaches doesn’t paint the whole picture, however. Only 28 breaches were recorded in June, but Protenus estimated that more than 11 million patient health records were captured by hackers.

2016: Number of records breached. Image: Protenus.com

California was hit hardest with four breaches, while Arizona, Indiana, Florida and New York trailed with three breaches each. Boston-based Codman Square Health Center told HHS early in October that at least 4,000 patient records had been accessed sans permission from the New England Healthcare Exchange Network, launching the breach into “HHS-Wall-of-Shame territory.”

Number of health data breaches by state, October 2016. Image: Protenus.com

Last year, IBM called 2015 the year of the healthcare security breach, when five breach incidents compromised the integrity of nearly 100 million healthcare records.