Attacks on our health data continue — that's no secret but where these breaches come from is still a matter of question. Whether they come from within or without, the number of these breaches remains consistently high.

According to new research by the Ponemon Institue, nearly 90 percent of all healthcare organizations have been breached over the past two years, and about half of those estimate they've been breach more than five times over that same period. The "Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data" estimates that based on the results, the cost is as much as $6.2 billion.

"The average cost of data breaches for covered entities surveyed is now more than $2.2 million, while average cost to business associates in the study is more than $1 million," the survey authors state.

Ponomon suggests criminal attacks are the primary reason for breaches in healthcare, and "internal problems such as mistakes — unintentional employee actions, third-party snafus and stolen computing devices — account for the other half of data breaches." Ponemon studied healthcare organizations (91) and business associates (84).

"The majority of these breaches were small, containing fewer than 500 records," the study indicated. However, the findings suggest no healthcare organization, regardless of size, is immune from data breach. Also important to note is that healthcare organizations still don't have sufficient security budgets to curtail or minimize data breach incidents

13 percent of respondents say they experienced a breach because of a malicious insider, outside cyberattacks remain a primary concern for healthcare organizations.

"In 2016, ransomware, malware and denial-of -service (DOS) attacks are the top cyberthreats facing healthcare organizations,” the report suggested. "Healthcare organizations and BAs alike are also significantly concerned about employee negligence, mobile device insecurity, use of public cloud services and employee-owned mobile devices or BYOD — all threats to sensitive and confidential information."

No matter who is responsible for a breach, most in the report said they think healthcare is more vulnerable to breach than other industries.

The most breached items include medical files, billing and insurance records, and payment details. Somewhat surprisingly, most organizations once breached offer no protection for those affected. Honestly, given the sophistication of the attacks, protection may only do so much.

With ever-present news of breach and security efforts impacting healthcare organizations, the threats have healthcare organizations more to chew on, but little seems to be capable of stopping the overwhelming number of attacks on our nation's healthcare system.

It's difficult to refute that the move to the electronic records has paralleled the rise in the amount and veracity of the attacks. Moving back to paper is not the answer, nor is it an option. But more needs to be done, obviously. What that is has yet to be seen.