Hackers recently attacked the IRS, breakinginto its system to steal data on 104,000 taxpayers and collectingup to $50 million in refunds. If that wasn't painful enough formost Americans to think about, add in the pain from recent breachesof health care data that exposed the personal and health data ofmillions.

|

Now the question is not "whose data has been exposed?" but"whose data hasn't been exposed, yet?"

|

In fact, the health care industry is experiencing a surge indata breaches, security incidents, and criminal attacks — exposingmillions of patients and their medical records — according to thelatest Ponemon Institute study.

|

Who is most vulnerable? Health care organizations includinghospitals, clinics, private or public health care providers — alsoreferred to as "covered entities;" and their "business associates,"including patient billing, health plans, claims processing, andcloud services.

|

Even the U.S. Coast Guard, so proficient at protecting ourcoastlines, was recently slapped for serious shortcomings inprotecting personal health information.

|

And, of course, you've heard the recent news of breaches atAnthem, Premera Blue Cross, and CareFirst.

|

Speaking of those breaches, the following slideshow identifiesat a glance what was compromised. Let's take a look (and be glad itisn't longer).

|

|

What was exposed in recentbreaches?

|

IRS – Thieves got "enough personal informationon the taxpayers to get past the security filters on the 'GetTranscript' function on the Internal Revenue Service's website,"said Commissioner John Koskinen. That access during mid-Februarythrough May allowed them to gain access to past tax returns. And,presumably, all the data you enter on a return: name, address,Social Security numbers, income, and more.

|

|

|

Beacon Health System – Information on 220,000of Beacon Health System's patients and employeescould have been compromised, Healthcare IT News reported,"including patient names, ID numbers, Social Security numbers,dates of birth, medical diagnoses, treatment data, drivers' licenseinformation, and other medical-related information." Apparentlyattackers gained access to these files via a phishing attack onBeacon employee email accounts in November 2013 and weren'tdiscovered until January 2015.

|

|

|

CareFirst – The 1.1 million-record hack ofCareFirst, a BlueCross provider in Washington, D.C., occurred lastJune, and was just discovered recently. The hacked info "may haveincluded member names, birth dates, email addresses and subscriberidentification numbers. Additionally, CareFirst warned that theattackers may have acquired member-created user names for accessingCareFirst's Website," eWeek reported.

|

|

|

Premera – Potentially exposed data from morethan 11 million customers, including names, birthdays, emailaddresses, physical addresses, telephone numbers, Social Securitynumbers, member IDs, bank account information, medical information,and insurance claims.

|

|

|

Anthem – This breach exposed data includingSocial Security numbers, addresses, email, employment and incomedata from as many as 80 million records.

|

We know what consumers are supposed to do in the wake of a datahack. "Check your bank accounts, monitor your credit" is the advicetypically given. And, of course, take advantage of anycredit-monitoring services your hacked provider is offering.

|

But what about the organizations themselves?

|

|

|

So what can I do? I'm not in IT

|

Plan and be proactive is the non-technical advice from the goodpeople at LegalTech News. Beefing up your "cyber defense" takes"a combination of technology, training and process management."

|

When, in spite of your IT and security department's bestdefenses, a breach occurs, "planning and proactivity can helpmitigate the liabilities associated with data loss; this meansthinking about the breach in advance, and having representativesfrom potentially affected departments ready to assess the situationand react accordingly, even if the internal resources needed forcybersecurity defense teams are unavailable."

|

And, we suppose, be ready with a credit-monitoring service foryour customers.

How can you transform your risk managementpreparedness and response strategy into a competitiveadvantage? Introducing ALM'scyberSecure — A two-day event designed toprovide the insights and connections necessary to implement apreparedness and response strategy that changes the conversationfrom financial risk to competitive advantage.  Learn more  abouthow this inaugural event can help you reduce risk and add businessvalue.