The healthcare industry as a whole does a great job addressing the core issue of privacy. Clinicians and physicians alike have always fiercely protected their obligations to patient confidentiality. In the U.S., HIPAA provides additional strict enforcement.\nBut the immaturity of healthcare organizations\u2019 cybersecurity can inadvertently create a significant privacy gap. Even with strict adherence to privacy policies, when healthcare organizations\u2019 security falls short, their privacy provisions become inadequate by default.\u00a0\nThe new rise of the individual market gives consumers a great deal of choice regarding their healthcare payers and providers. Consumer confidence in healthcare companies will increasingly be challenged by cybersecurity breaches and hacks.\nThe range of cybercrimes impacting healthcare globally continues to grow. For example, even if an institution takes efforts to separate from patient records the core data needed for cybercriminals to create false identities, the opportunity for theft of records to create blackmail opportunities remains. Clinicians in these instances are also at risk of criminal penalties for not protecting the privacy of records. When there is enough data to create an identity, cybercriminals can leverage this data to create identities and to gain fraudulent access to medical treatment, drugs or medical equipment.\nThere are also examples of cybercriminals stealing millions of records from providers and payers in the U.S. \u2013 primarily because the reward is so high. After all, while a stolen credit card is worth less than $1 on the black market, a stolen medical record can be worth as much as $40 or more.\nThe reason for the difference is simple. The banking and financial services firms have invested in cybersecurity technology and policies, which provides protection against misuse of stolen identities and card numbers. Further, there are relatively easy (although inconvenient) remedies to cybercrime in financial services \u2013 we can easily cancel our credit cards.\nBut in healthcare, it\u2019s not so easy \u2013 there is no ability to \u201ccancel a healthcare record.\u201d Plus, when criminals steal personally identifiable information from health records it takes far longer to pinpoint the source.\nThe immature investments around cybersecurity make healthcare payers and providers susceptible to costly breaches and even more costly risks to the reputation, brand power and public confidence in those organizations. The costs start with fines, civil and criminal penalties, and continue to climb both in terms of the inconvenience of reconstructing records and the loss of confidence. Healthcare depends heavily on the trust of the patient \/ member with their healthcare organizations. If healthcare consumers cannot trust the security of the data stored by their healthcare payers and providers it doesn\u2019t take long to destroy that bond.\nNow is the time for healthcare payers and providers to take action with step-change investments in cybersecurity. Cybersecurity, like analytics, is not a back-office IT function. It is a fundamental frontline service that impacts everyone \u2014 from administrators and doctors to patients. Cybersecurity needs new policies and a new culture.