Paper records and films represent the most common types of data subject to breaches in hospitals, eclipsing electronic breaches such as ransomware, a study finds. These low-tech breaches are mostly due to theft, improper disposal and unauthorized access, according to the study, published in the American Journal of Managed Care, which also looks at the key factors leading to data breaches.

“As high-tech as the health care industry has become, there is still a large amount of paper usage, especially for facilities that were outside the scope of meaningful use,” says study author Amanda Walden, Ph.D. candidate at the University of Central Florida, referring to standards for electronic medical records supported by federal funds. “As long as we have paper in use, there will always be manual processes that are susceptible to breaches, whether malicious—stolen records, or accidental—dialing the wrong fax number or losing a box of records.”

The study examined at hospital-based data breaches reported to OCR between October 2009 and July 2016.

It identified 215 breaches affecting 500 or more individuals. Thirty hospitals had multiple breaches during that time: 24 hospitals had two breaches, five had three breaches and one had four breaches.