This past week, Anthem Inc., a leading health insurance company, announced that it had been the victim of \u201ca very sophisticated external cyberattack\u201d that \u201cgained unauthorized access to Anthem\u2019s IT system and have obtained personal information from our current and former members such as their names, birthdays, medical IDs\/social security numbers, street addresses, email addresses and employment information, including income data.\u201d Some 80 Million customers and employee records have been impacted by this breach.\nThe incident will have near-term implications for Anthem as it relates to the likely costs of providing identity protection support to their members. For the public, the effects of this incident may well play out over a long period, since the attackers could continue to abuse certain pieces of data ( such as social security numbers) in myriad ways that cannot be anticipated just yet.\nThe Anthem data breach, along with other highly publicized cases like Sony and Target , tell us that corporate information systems are fighting a losing battle against hackers. Healthcare, in particular, could be especially vulnerable. In April 2014, Kaiser Permanente had announced that it had been the victim of a data breach.\u00a0The incident affected a relatively small number of individuals but it was nevertheless significant that one of the largest health systems in the country could not prevent these incidents. Where does that leave relatively smaller health systems that are struggling to survive and cannot afford to invest in the kind of state of the art infrastructure that can protect their environments from cyberattacks?\nThe implications are especially serious for Healthcare IT, for the following reasons:\n- Healthcare IT infrastructure is generally old and inadequate for the current needs of the marketplace, relative to other sectors like retail and banking\n- Healthcare technology budgets are arguably the most under pressure when compared to other industry sectors\n- Shrinking tech support staff, combined with end of life equipment that\u2019s falling out of support means that IT systems are more vulnerable than ever before\nIronically, the margin pressures on the healthcare sector, arising from reduced reimbursement rates and a transition from a fee-for-service to an outcomes based model, mean that in the near-term, IT spend will continue to fall at a time when there is a dire need for investment in upgrading aging infrastructure. The condition of healthcare IT infrastructure is as much a patient safety issue as it is a cybersecurity issue.\nEmerging technology trends will likely create a new set of challenges for beleaguered healthcare companies struggling to remain ahead of cyberattacks.\n- Alternate models such as cloud computing: Cloud computing is becoming an accepted model across all sectors. Many analytics vendors are delivering solutions using a cloud computing model which requires healthcare data to be transferred to their cloud environments for analysis. It could be argued today that data is much safer in a cloud environment that is managed by an Amazon, Microsoft, or a Google. These are firms that have robust infrastructure security in place, which in most cases, are better than those of corporate IT in healthcare companies\n- The exchange of Protected Health Information (PHI) with Business Associates, such as analytics vendors: In cloud computing models, healthcare data often needs to be transferred to vendor cloud environments, usually in an encrypted and anonymized form. While the anonymizing of data ensures a degree of data security, the governance processes around the transfers and use of data are still emerging. Ultimately, as a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), healthcare companies are also liable for data breaches that occur in their vendor environments.\n- The Internet of Things ( IoT) and Consumer Health Technologies: We are likely to see an explosion of consumer health data arising from the use of wearables and other devices that are increasingly likely to connect to EMR systems to help individuals and doctors help manage health and wellness. The Federal Trade Commission (FTC) has published a report \u00a0raising concerns about the privacy and security of healthcare data arising from the emerging IoT trend.\nAnthem is a health insurance company and has limited medical information on its members, unlike large providers like a Kaiser Permanente whose Electronic Medical Record (EMR) systems contain detailed diagnostic and treatment information on patients. The compromise of detailed medical information could be far more damaging to individuals if a large health system were to be compromised in a data breach. Ironically, it is the large health systems that are most vulnerable due to their outdated IT infrastructure.