According to a recent report, which analyzed data from over 300 data security incidents ...

... on which the firm BakerHostetler advised in 2015:

• 23% of the incidents were from the healthcarre industry
• Hacking/phishing caused 31% of the incidents
• Employee mistakes causing 24% of the incidents
• The average amount of time from incident to discovery for all industries was 69 days, but healthcare took nearly twice as long as other industries

Source: "BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents," BakerHostetler Press Release, March 30, 2016, http://www.dataprivacymonitor.com/online-privacy/bakerhostetler-data-security-incident-response-report-reveals-being-compromise-ready-better-positions-companies-to-respond-to-incidents/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+DataPrivacyMonitor+%28Data+Privacy+Monitor%29