Ransomware attacks are the biggest data breach threat facing nursing facilities and other healthcare institutions, a new analysis finds.

Such cyber-attacks — where a malicious software blocks access to a computer system until a sum of money is paid — accounted for 68 out of 602 healthcare breaches over the past two years, a Bloomberg investigation concluded. Often, these attacks piggyback on emails, and experts said better training is needed for employees to spot the signs of a threat.

“Part of the reason individuals are so vulnerable is that they receive so many emails that each one isn’t carefully reviewed,” Colin Zick, a healthcare attorney with Foley Hoag, told Bloomberg.

Mailing errors were the second biggest cause of breaches that occurred between 2016 and 2018 and were resolved by March 2019, the analysis noted. They accounted for 52 incidents.

Training should focus on recognizing phishing attempts and resisting the urge to click on questionable hyperlinks, Zink said. Experts also suggested punishing employees who violate privacy laws, segmenting data to minimize ransomware attacks’ reach, and conducting periodic disaster recovery tests.

Addressing potential cyberthreats is on the minds of all healthcare providers. Most recently, the Department of Health and Human Services announced a Tennessee diagnostic medical imaging services company agreed to pay $3 million to settle a breach that exposed more than 300,000 patients’ protected health information.