More than two-thirds of health care organizations responding to a survey have experienced a significant and recent security event, according to the Health Information and Management Systems Society (HIMSS).

The single largest source of significant security incidents were negligent insiders, defined as well-meaning individuals who unwittingly caused a breach. However, 64% of respondents reported that their organization had been the victim of an attack from an external actor – usually an online scam artist. The results are part of the 2015 HIMSS Cybersecurity Survey , which polled 297 health care leaders and information security officers.

Most of the security incidents resulted in limited disruption of IT systems with limited impact on clinical care, according to the report. The majority of respondents said security incidents were detected within 24 hours of occurrence, “approximately 20% of these security incidents ultimately resulted in loss of patient, financial, or operational data.”

While security breaches may seem like an IT issue, Jennifer Horowitz , senior director of research at HIMSS, said physicians need to be aware of what they can do to help keep their systems secure.

“This is a rapidly changing environment and I think that physicians also need … to do their part: adhering to the security policies and protocols as their organization,” Ms. Horowitz said in an interivew, highlighting particularly that physicians need to be aware of potential phishing scams sent via email that could comprompise data security.