Just to add to the global perspective, this recent news story from YLE describes a survey conducted in Finland:
Private health clinics often fail to keep patients’ data secure, according to a recent survey by the Office of the Data Protection Ombudsman. Meanwhile, the public sector was found to work harder to keep information private. Many private clinics, for example, do not monitor how patient information could potentially be misused. Survey respondents often cited a lack of time and resources. Furthermore, patients are often not informed of their rights concerning their own information.
Pharmacies were also found to be frequently negligent, however, they scored better than private clinics.
Nearly 90 percent of public clinics and pharmacies have appointed an information security contact person in compliance with the law. One third of clinics in the private sector lacked such a person.Just 10 percent of pharmacies, 15 percent of private clinics and 30 percent of public clinics informed patients when their information was misused.
The Office of the Data Protection Ombudsman carried out the survey in June.
It would be nice to know how many breaches they experience there and whether the pattern of breaches or types of breaches are consistent with what we see here.