
The Official Baldrige Blog

One Data Breach Each Day in 2016—Another Reason Experts Say Focus on Cyber Risk Now


The year 2016 averaged one health care data breach per day, affecting more than 27 million patient records, according to Protenus, Inc., which recently collaborated with on the "Breach Barometer Report: Year in Review."

Additional findings from analysis of that report, which pertains to health care, follow:

  • There were 450 total breach incidents in 2016.
  • Insiders caused 43 percent of the data breach incidents.
  • Hacking and ransomware were responsible for 26.8 percent of the breaches.
  • It took the average entity 607 days to discover breaches caused by insider wrongdoing.
  • Breach incidents affected 47 states.

“There's no such thing as total security anymore. You must make every effort to strengthen security as much as possible,” said Michael Dowling, president and CEO of Northwell Health, in a recent article in Becker’s Hospital Review. “Hacking and data breaches are realistic and stubborn dangers we face each day. No [leader] has the luxury of dismissing these threats or viewing the work to prevent them as optional.”

Of course, breaches related to cybersecurity are not reserved for the health care industry.

Jon Boyens of the National Institute of Standards and Technology (NIST), in a paper titled “Integrating Cybersecurity into Supply Chain Risk Management,” pointed out that trends, including the Internet of Things (where everything is smart and interconnected), IT-enabled supply chain management, and 3-D printing, present cyber risks that can result in the delivery of poor-quality, compromised, or counterfeit products that diminish brand reputation, loss of intellectual property, and compromised customer information and operational control systems.

Paul Myerson, professor of practice in supply chain management at Lehigh University, highlights in a recent Industry Week article incidents such as hackers gaining access to owner data on 600 million Samsung Galaxy phones and poor information security by service suppliers leading to recent data breaches at Target, Home Depot, Goodwill, and many other companies and organizations.

In light of the increasing volume and sophistication of cyber threats, organizations need a systems approach to improve their cybersecurity performance. The Baldrige Program has been working hard, in collaboration with the Applied Cybersecurity Division at NIST and industry experts, to develop the Baldrige Cybersecurity Excellence Builder, a voluntary self-assessment tool that enables organizations to better understand and improve the effectiveness of their cybersecurity risk management efforts. It helps leaders of organizations to identify opportunities for improvement based on their cybersecurity risks, needs, and objectives, as well as their larger organizational environment, relationships, and outcomes.

To help organizations use this tool and improve their cybersecurity performance, the Baldrige Program is hosting a Baldrige Cybersecurity Excellence Builder Workshop and panel session in conjunction with the 29th Annual Quest for Excellence Conference at the Baltimore Marriott Waterfront Hotel in Maryland on April 2 (workshop) and 3 (panel).

The program invites you and anyone concerned with and responsible for mission-driven, cybersecurity-related policy and operations in your organization to attend this interactive workshop. Attendees will learn how to use the Baldrige Cybersecurity Excellence Builder to better understand where their cybersecurity efforts are today and what they can look like in the future, as well as how to conduct a self-assessment of their cybersecurity programs.

Baldrige Director Robert Fangmeyer has written, “In our increasingly connected data-driven world, protecting data, information, and systems has become a basic necessity for organizations of all kinds and a critical national priority.” The Baldrige Cybersecurity Excellence Builder and this workshop are designed to help organizations of all kinds start assessing their cyber risk now.

The Baldrige Cybersecurity Excellence Builder Workshop is available on a first-come, first-served basis. Registration is now open with limited seating.

Registration is also now open for the 29th Annual Quest for Excellence Conference, which will feature the 2016 Baldrige Award recipients and many more national role models sharing their best practices.

About the author

Dawn Bailey

Dawn Bailey is a writer/editor for the Baldrige Program and involved in all aspects of communications, from leading the Baldrige Executive Fellows program to managing the direction of case studies, social media efforts, and assessment teams. She has more than 25 years of experience, 18 years at the Baldrige Program. Her background is in English and journalism, with degrees from the University of Connecticut and an advanced degree from George Mason University.
