Data breaches are becoming more common - and costly.

Federal HIPAA penalties have lurked in the wings for years, but now accused operators have state attorneys general and plaintiffs’ attorneys to worry about.

Last week, for example, insurer Anthem reached a $115 million settlement with consumers over a 2015 event where hackers stole private information on nearly 80 million people. Anthem admitted no wrongdoing, but was dinged by bad publicity and penetration of its data security.

“I have no doubt that we’ll be seeing more of these class-action suits and settlements as data breaches continue to proliferate,” Eric Fader, a healthcare attorney with Day Pitney LLP in New York, told Bloomberg BNA.

Long-term care providers have an added burden of securing records for an extended period — and it’s usually for information that remains valid well into the future, unlike credit card numbers that can be changed, experts point out.

Ransomware, employee blunders and disgruntled employee actions are among authorities’ biggest concerns.

In May, a Texas health system agreed to a $2.4 million HIPAA-related settlement after it appropriately gave authorities the name of a patient who had used a fake I.D. card, but then carelessly published her name in a press release.

That’s why continuing staff training, monitoring, testing and investment in processes are vital for providers, experts emphasized.

The Department of Health and Human Services’ Office of Civil Rights recently published a quick-response checklist for providers who might have been victims of digital skullduggery.