Healthcare data is collected continuously, and new uses are found for this data nearly every day. In fact, almost all U.S. healthcare organizations collect, store or share data and sensitive information within technologies and cloud platforms, but less than 40% of these organizations actually encrypt data in such environments.

This is according to a new report by French security company Thales and research and analysis firm IDC.

Most healthcare organizations realize there is an imminent threat to their data and security. 40% acknowledge they are "very" or "extremely" vulnerable for breach, and seven in 10 organizations reported they had experienced a data breach at some point.

A third said there had been a breach in the past year. Thales said those numbers are the highest among industries it has studied.

Alternatively, the survey showed 73% of the organizations represented in the responses said their security for new technology deployments is "very" or "extremely" secure.

"When sensitive patient information is breached, it poses significantly longer-term risks compared to other sectors — sometimes indefinitely," Frank Dickson, program vice president for security products research at IDC, said in a statement.

"Healthcare data is especially attractive to hackers because it's far more valuable than other kinds of data that can be accessed and exploited. When healthcare data is stolen, damage cannot be fully mitigated. A credit card can be canceled, or a bank account can be closed, but private patient data circulates endlessly, which opens opportunities for various types of fraud to occur again and again from a single breach."

The list of health data breaches is seemingly endless.

The data is so important to hackers because they can use medical records and health data to plot their attacks and take time doing so. Hackers also can sell large batches of this personal data for profit on the black market. Hackers can use this data to create fake IDs to buy medical equipment or drugs or combine a patient number with a false provider number and file fictional claims with insurers.

In another survey, about 70% of mid- to large-sized U.S. healthcare companies said they are "very" or "extremely" confident in their ability to manage sensitive data. Of these, though, about 50% update their inventory of personal data just once a year or less, Integris Software found.

Privacy concerns of these organization primarily affected business obligations (67%); enforcing internal data handling policies like retention and classification (61%); due diligence during mergers and acquisitions (28%); and the delivery of artificial intelligence and machine learning projects (22%).

Healthcare Dive reports that the major malware strain that targeted healthcare organizations, including a massive disruption to dozens of hospitals in the United Kingdom two years ago, is still surfacing. "About 40 percent of delivery organizations experienced at least one WannaCry attack in the first half of this year."

A report from April found data breaches related to providers, health plans and their business associates for the month reached a record high: 44.

That's the highest number of healthcare breaches reported in a single month since the Department of Health and Human Services' Office for Civil Rights began maintaining its online database of healthcare breaches in 2010. The previous high was 42.

Health data breaches are real and prevalent. Despite their bravado, healthcare organizations should be prepared for the worst.