The Ponemon Institute released a report today that includes some alarming news: Criminal attacks on healthcare organizations increased by an eye-popping 100 percent since 2010. With a continued ad-hoc approach to security at many organizations and millions of patients signing up for healthcare made possible by the Affordable Care Act, cybercriminals have been presented with an irresistible opportunity for potential crimes.

91 organizations were included in the study—11 more than last time around. The take-away: We are still in the Wild West of data security management. 90 percent of healthcare organization in the study reported having at least one breach in the past two years, and 38% reported having at least 5 incidents.

While overall, the number of breaches was down, the study found that data breaches are still a pervasive problem; that implementation of the ACA has increased risks; bad practices with sensitive data are creating openings for criminals, and many healthcare organizations approach security on an ad-hoc basis and are not in compliance with the HIPAA Final Rule.

One big issue is BYOD (or bring your own device) in the workplace. As long as employees are allowed to access sensitive PHI with smartphones or tablets using insecure networks respondents said the risk and incidence of breaches will continue to increase.

Most respondents in the study said human error continued to be the biggest issue.

The organizations that participated in the study were wide-ranging and included hospitals, clinics, or entities that are part of healthcare networks. All are considered subject to HIPAA rules as covered entities.