Health Information = A Hacker’s Gold Mine

What makes the healthcare industry such a hot target for hackers? The answer lies in the records that they keep. Medical records contain some of the most valuable personal information — social security numbers, birth and death dates, family information, billing information including credit card data — that allows hackers to gain free rein over a person’s identity and do some major damage. Just like any other business, even in hacking it boils down to the bottom line, and hackers want the most payout for their efforts. Healthcare organizations are the latest gold mine.

Yet, so many organizations are doing a poor job of protecting patient data. According to the Identity Theft Resource Center 2011 Breach Stats Report, 20 percent of all data breaches reported in 2011 were in the healthcare industry; the Privacy Rights Clearinghouse pegged this number at 33 percent in 2011. So, anywhere from one-fifth to one-third of data breaches last year were at healthcare organizations – that’s significant.

Protecting Patient Data: The 5 Rights of Data Administration

When it comes to healthcare, accuracy and attention to detail are not only important, they can mean the difference between life and death. Preventing misdiagnoses or mistreatment is taken very seriously.

Today, not only are patient lives on the line, but their information is also increasingly online—on the hospital’s IT system, on private networks and even on the Internet. Mishandling of this data, or unauthorized use of it, can result in the wrong medical treatment, identity theft, data breaches and more. At the same time, more people need access to this information than ever before and from a variety of devices. The proper administration of healthcare data should be taken very seriously.

Just as clinicians use the “Five Rights of Medication Administration” to ensure proper patient care, the digitization of healthcare records and patient information means healthcare providers need to adopt best practices for ensuring proper security and privacy for patient data. To help organizations better understand their role in the administration of patient data, Symantec has outlined specific best practices to ensure that patient information is kept secure regardless of where it is.

Are Health Organizations Keeping Patient Data Safe?

A few figures released over the last week paint a dismal picture of the state of information protection in the healthcare industry. More than 20,000 patient medical records were exposed in yet another hospital data breach. A report from the Health and Human Services Department (HHS) found that more than 7.8 million people had their medical information compromised in more than 30,500 breaches since the enactment of HITECH, while a report from the Digital Forensics Association shows that disclosure of health industry data breaches has increased markedly during this same timeframe.

By the numbers, it would seem that the healthcare industry is in crisis when it comes to protecting patient data, and it’s costing them. According to the Ponemon Institute 2011 U.S. Cost of a Data Breach study, sponsored by Symantec, health data breaches cost $301 per lost record, which is 40 percent higher than average. Contributing to the higher cost is compliance with data protection regulations that require health organizations to do more to find, disclose and fix breach-related problems. In addition to disclosure laws in 49 states, healthcare organizations also must comply with HIPAA and HITECH.