Health care compromises account for 39% of all breaches

More than any other industry, health care organizations are most likely to suffer data breaches, according to Symantec’s 2016 Internet Security Threat Report, as they accounted for 39% of the total number of incidents last year, exposing 4 million identities.

Health care breaches in 2016

Already this year 164 health care data breaches have been submitted to the US Department of Health and Human Services (HHS), affecting more than 4.6 million people.

The largest of these breaches affected 21st Century Oncology, compromising over 2.2 million people’s data in April.

Just last month, Advocate Health Care Network was ordered to pay one of the largest HIPAA settlements in history ($5.5 million) after violating the Act’s regulations.


Health care organizations are required by law to comply with HIPAA, but are increasingly required to comply with additional cybersecurity laws and regulations (such as SOX, the PCI DSS, and the GLBA).

As a result, many organizations are seeking certification to ISO 27001, the internationally recognized information security standard for creating and maintaining an ISMS (information security management system).

ISO 27001 can centralize and simplify disjointed compliance efforts. Companies will often achieve compliance with a host of related legislative frameworks simply by achieving ISO 27001 registration.

By virtue of its all-inclusive approach, ISO 27001 encapsulates HIPAA’s information security elements by providing an auditable ISMS designed for continual improvement.

Implement an ISO 27001-compliant ISMS

To help you along your journey to building a more secure way to manage data within your organization, the ISO 27001 ISMS Documentation Toolkit provides customizable templates and expert guidance from auditors.

Download free sample files from the toolkit here >>