iStock_000014954811_XXXLargeCyber criminals are targeting health care providers at alarming rates. A hospital, insurance company, or other organization in this field is a gold mine for identity thieves. Medical records contain everything these criminals want to know, such as Social Security numbers, birth dates, and other sensitive data.

And yet, many health care organizations still approach data security from an old-fashioned standpoint, by focusing on HIPAA compliance. Sure, compliance is important, but in today’s world we really need to look at this issue from a risk management perspective.

For example, many health care providers only worry about local data security, rather than taking a look at the security of third-party vendors. That famous Target security breach last year was actually caused by a weakness in a third-party vendor’s protocols. A fence is only as strong as its weakest section. Therefore, data that is transmitted to a third-party vendor is only protected if that third party is protected as well.

Another common mistake in the health care field is the failure to involve the right people from the outset of the risk management process. Bringing in data security specialists helps to ensure that information is fully protected, from storage to transmission and beyond. Data security should be layered, meaning more than one method is employed to ensure the ultimate level of safety. Tools should be auditable, so that they can be tested for weaknesses or failure. And finally, data security experts stay up to date on the latest specific threats and trends in cyber crime, and can quickly employ methods to address these threats.

As cyber criminals develop increasingly sophisticated methods of carrying out their plots, health care organizations must take note. This type of crime will only increase in 2015 and beyond, so providers must take this threat seriously and implement up-to-date risk management techniques now.