Of all types of healthcare providers, hospitals accounted for one-third of all data breaches and affected the largest number of individuals compared to doctors, nurses and social workers, according to a study published in The American Journal of Managed Care.

The healthcare industry has been the primary source of high-level ransomware and malware attacks due to the profitability of patient health information. In this study, researchers outlined the sources of data breach, the types of breaches and factors in predicting data breaches of 500 or more patients.

Data were collected from the HHS Office of Civil Rights in healthcare providers that affected 500 or more individuals between 2009 and 2016. Hospital characteristics regarding the breach were taken from the Health Information Management Systems Society and the American Hospital Association Health IT Supplement databases.

Results showed hospitals accounted for one in three of data breaches. Paper and films were the most frequent location of breached information, occurring in 65 hospitals during the study period, while network servers were the least common location. However, network server breaches affected the most patients overall. Additionally, researchers found hospital type and size showed a significant association with data breach occurrences while health information technology and biometric use for security did not.

“Hospitals should conduct routine audits to allow them to see their vulnerabilities before a breach occurs,” concluded first author Meghan Hufstader Gabriel, PhD, and colleagues. “Additionally, information security systems should be implemented concurrently with health information technologies. Improving access control and prioritizing patient privacy will be important steps in minimizing future breaches.”