Four out of five physicians have experienced some type of cyberattack as health care continues to be the No. 1 industry affected by data breaches, according to a new report by the Healthcare and Public Health Sector Coordinating Councils.

The report highlights the increasing and costly trend of data breaches in the health care industry, which accounted for 25% of total attacks last year – the most of any industry. On average, a health care organization spends $2.2 million dealing with a data breach with a cost of $408 per compromised record.

The trend continues with almost 80 health care cybersecurity breaches so far this year. The largest data breach occurred last month and affected almost 20 million customers using the medical testing companies Quest Diagnostics and LabCorp. The breach occurred with the companies’ third-party vendor, American Medical Collection Agency. LabCorp and Quest Diagnostics cut ties with the vendor, which subsequently filed for bankruptcy.

This week, Los Angeles County officials announced thousands of patients at area hospitals had their personal information stolen in a data breach attack on a vendor contracted with the county Department of Health.

Last month, Washington-based Grays Harbor Community Hospital staff had to resort to pen and paper after a ransomware attack, according to the Daily World. In April, a medical practice in Michigan closed after refusing to pay $6,500 in ransom after an attack, resulting in hackers deleting every single patient file.

The report calls for health care facilities to identify cybersecurity weaknesses and threats and to allot more money in their IT budgets to address the concerns. The Healthcare and Public Health Sector Coordinating Councils is a public-private partnership between the U.S. Department of Health and Human Services and private health care providers created to address physical, operational, and cyber threats to the industry.

Data breaches are a cybersecurity threat that allows hackers to access and then sell stolen information, such as names, birthdays, and Social Security numbers, on the dark web. In ransomware attacks, cybercriminals use a type of malware to shut down computer systems until the ransom demand is paid.