Most consumers have either been directly or indirectly impacted by credit card or personal financial information thefts by hackers. These consumers are clearly more careful about how and where they shop as well as having new credit cards issued or having their credit monitored. However, there is a set of data almost all people maintain and is 10 times more valuable to hackers on the Dark Web than credit card numbers: Your healthcare record.\n\nHealthcare information holds a wealth of information that a hacker can monetize. Healthcare records often have Social Security Numbers, birth dates, financial information and personal and business addresses and other valued personally identifiable information (PII). However, it\u2019s the information that you wouldn\u2019t think of that is what the hackers are after.\n\nHealthcare information can be used as blackmail with the threat of publishing specific diagnoses to targeted, interested parties or to the public. Hackers can use your insurance information to post false insurance claims and then cash the reimbursement checks. If a patient is prescribed certain drugs that are popular on the street, the hackers can put in false prescription requests at multiple pharmacies and then sell those drugs. Because your healthcare record is so unique and so incredibly personal, it can\u2019t be changed as easy as issuing a new credit card.\n\nIn fact, a recent KPMG report discovered that 81 percent of U.S. healthcare organizations (hospitals and insurance companies) have been breached in the past two years (Disclosure: I am an employee of KPMG). This is an amazing statistic, but is understandable when you really consider the wealth this data provides.\n\nBut is the healthcare industry adapting to market changes fast enough? Not as fast as you would think. According to the KPMG report:\n\nBad actors will evolve with the times. As long as there is data to monetize, bad actors will find any way possible to penetrate a company\u2019s firewalls. Just as a bad actor has to evolve with the times, so does the CIO.\n\nCybersecurity should not be thought of as a patch or a problem with a one-time fix. Healthcare CIOs should look at security as a constantly growing ecosystem that needs to be tended to, watched and upgraded when needed. To create this ecosystem, a healthcare CIO needs to think about his\/her overall investment in cyber: Where am I spending my budget -- in people or technology? Do I have security protocols in place if an attack is discovered? Do I have a dedicated team whose only responsibility is keeping my organization safe? Am I properly training the entire staff of my organization about proper handling of information? Will we lose the trust of our patients if we fail to protect their information?\n\nAnd how do I stay one step ahead of the bad actors.