It's not just hospitals. Or even payers. Some 392 million health records have been accessed in 1,931 protected health information breaches across a staggering 90 percent of industries, according to preliminary findings from a new Verizon report.
These industries, across 25 countries, have seen health insurance information, personnel files or other data outside of traditional healthcare settings or industries stolen, the study shows.
[See also: Slideshow: Biggest health data breaches]
Indeed, of the 20 industry sectors examined in the study, only utility and management industries were free from reported PHI breaches.
"What makes our findings even more troubling is that many sectors - especially those outside of the healthcare industry - aren't even aware that they hold this type of data," said Suzanne Widup, lead author for the Verizon Enterprise Solutions report, in a statement.
"The ramifications of stolen medical information can have significant consequences for the safety and well-being of the patient," she added.
[See also: 5 ways to avoid health data breaches]
Unlike with other data breaches, PHI breaches face an equal number of internal and external hackers. The report reveals insider misuse is a prevalent in these cases.
The findings revealed hacker tactics are determined by the type of data they're seeking and its location, rather than the country or company size.
The purpose of stealing medical data is most often taken with the intent of learning personal identifiable information, not necessarily health records.
"This data can be extremely damaging in the hands of those wanting to commit various types of financial fraud," said Widup.
The results of the study were revealed at the 2015 HIMSS Connected Health Conference in Washington this week; the full report is scheduled for full-release in December. The purpose, officials say, is to help healthcare organizations understand the gravity of both identifying vulnerabilities and protecting data before it becomes an issue.
The full report will examine how breaches occur, the amount of time for breaches to be uncovered, the effect on patient-doctor relationships and ways to mitigate risks.