The healthcare industry has been an avid adopter of new technology such as the cloud and mobile devices. The proliferation of electronic health records has yielded significant advantages for doctors and other health professionals, but technology deployments may be accelerating faster than data security paradigms can keep up.

The Washington Post conducted a year-long cybersecurity study and found that healthcare is the most vulnerable sector in regard to data breaches. Researchers chastised organizations for failing to address known software vulnerabilities as well as for poor practices among health staff. For example, many professionals sidestepped best practices such as implementing data encryption software and using strong passwords in favor of convenience.

"I have never seen an industry with more gaping security holes," Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University, told the news source. "If our financial industry regarded security the way the healthcare sector does, I would stuff my cash in a mattress under my bed."

The news source highlighted one case in which a university's medical center kept patient data stored in Dropbox with only a username and password required to authenticate users. The hospital allowed new residents to access the account through their iPads in order to improve patient care. As a result of these gaps in data protection, experts called for more stringent oversight in the healthcare sector to enforce the use of data encryption software and other solutions.

Healthcare data breaches: A growing threat
Researchers suggested the healthcare industry has not been targeted as much as finance, but there is growing risk as hospitals collect increasing volumes of patient data. According to Privacy Rights Clearinghouse, there were a total of 419 data breaches in the medical industry in 2011 and 2012. This resulted in more than 8.1 million compromised records. This is roughly equivalent to the number of records exposed in the financial services and insurance sector, suggesting that healthcare providers have already become a common target for cybercriminals.