Other report findings include:

BYOD: A striking 81 percent of healthcare providers allow employees to use their own mobile devices to connect to the hospital network. More than half of employees take part in the “bring your own device” movement.

Health information exchanges (HIEs): Only 28 percent of organizations interviewed indicated they were part of an HIE, with more than half expressing reservations pertaining to patient privacy and security with HIEs.

To stay on the offensive, the Ponemon Institute outlines several recommendations to help healthcare organizations avoid a breach.

First, Kam says, "These individuals who are responsible for protecting this information really need to reorient themselves." Instead of subscribing to the thought process that these breaches only occur "once in a blue moon," officials need to understand that they occur daily. "All of their processes, their systems, their tools … all of these things need to be updated, and the appropriate processes and procedures need to be put in place," Kam adds.

Kam also advises organizations to have annual privacy and security assessments. “This is required by law every year, and very few organizations, unfortunately, do this," he says.

"A lot of organizations in healthcare, historically, have been laggards on security enabling technologies. The gap may be changing. We're seeing more and more organizations in healthcare stepping up to the plate," says Ponemon. "For the most part, we've seen a lot of organizations being somewhat careless. Not having tools that are relatively inexpensive to safeguard sensitive data, that just seems to be not a smart idea."