This is just for the US. By my reckoning, you’re best thinking of your health records as public knowledge…:
According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more startling by the fact that the number of breached patient records in 2018 is three times greater than the number of records breached in 2017.
This article also carries advice about how to improve. None of it is earth-shattering. For example:
[…] In order to ensure that its IT security systems are in compliance with industry best practices, a Covered Entity should consider undertaking a review and analysis of its IT infrastructure against an existing healthcare industry cybersecurity framework – e.g., the Common Security Framework (“CSF”) developed by the Health Information Trust Alliance (“HITRUST”). As noted in a February 2018 GAO report, “CRITICAL INFRASTRUCTURE PROTECTION: Additional Actions Are Essential for Assessing Cybersecurity Framework,” DHHS officials have identified compliance with CSF requirements as a strong indication that a Covered Entity’s cybersecurity program complies with Federal governmental standards (i.e., the National Institute of Standards and Technology’s (“NIST”) Framework for Improving Critical Infrastructure Cybersecurity) and meets health care industry best practices.