University of Pittsburgh Medical Center (UPMC) recently informed patients that some of their personal information may have been compromised.

And as a result, UPMC topped this week’s list of IT security newsmakers, followed by BakerHostetler, Juniper Research and The MetroHealth System.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week’s list of IT security stories to watch to find out:

1. UPMC notifies patients about data breach

UPMC patient records may have been illegally disclosed by a MedManagement employee. MedManagement provides billing services to UPMC’s Emergency Resource Management physician group and other healthcare providers across the United States.

UPMC said approximately 2,200 people may have been affected by the data breach. The healthcare provider has alerted patients about the data breach and is working with MedManagement to investigate the incident.

“Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners,” John Houston, UPMC’s vice president of privacy and information security, said in a prepared statement.

2. Law firm’s study shows human error is biggest cause of data breaches

A new study from law firm Baker & Hostetler LLP revealed that human error is the biggest cause of data breaches.

Baker & Hostetler’s study of 139 IT security incidents from 2014 showed that 36 percent of cyber attacks were the result of employee negligence and 22 percent stemmed from theft by outsiders. In addition, the study indicated that theft by insiders caused 16 percent of these problems.

“Employee negligence is discovered quickly, yet companies are still not putting into place procedures and policies to have the issue escalated to someone who manages data responses,” Ted Kobus, BakerHostetler’s co-leader for privacy and data protection, told Bloomberg.

3. Data breach costs could surpass $2 trillion by 2019

Juniper Research is predicting that worldwide data breach costs will exceed $2 trillion by 2019.

The research firm’s new Future of Cybercrime & Security report revealed that new cyber threats targeting mobile and the Internet of Things (IoT) are emerging globally. And as a result, the average cost of a data breach could exceed $150 million by 2020.

“Currently, we aren’t seeing much dangerous mobile or IoT malware because it’s not profitable,” report author James Moar told Channel Partners Online. “The kind of threats we will see on these devices will be either ransomware, with consumers’ devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack. With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools.”

4. MetroHealth releases details about data breach

MetroHealth has informed almost 1,000 patients who received heart catheterization procedures at the hospital over the past year that their protected health information may have been accessed after three of its computers were breached. This incident may have affected patients who had procedures in the lab between July 14, 2014 to March 21, 2015, according to The Plain Dealer.

Patient information such as names and dates of services may have been exposed in the data breach, MetroHealth said.

“MetroHealth has no evidence that the malware is used to obtain medical information,” MetroHealth said. “We sincerely apologize and regret that this situation has occurred.”

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].