As a result, the number of data breaches reported by healthcare companies rose 60 percent in 2014, according to PricewaterhouseCoopers — twice the rate of other industries.
The breach also indicates another problem at the hospital chain — although the breach was first detected in November, it took months for the hospital chain to do the forensic analysis, identify the compromised data, and contact patients.
"This attack indicates a clear need for stronger cybersecurity regulations," said Muddu Sudhakar, co-founder and CEO at security vendor Caspida.
Organizations need to not only improve their security, but their reaction time as well, he said, suggesting that regulations should be mandated to inform customers within 30 days of discovering a data breach.
Unstructured data in particular is a problem for many companies.
"This is one of the main things that organizations need to get up to date with," said David Gibson, vice president of marketing at security vendor Varonis Systems. "They need to make sure they understand where all the sensitive information is, and watch what people are doing with it."
Sign up for CIO Asia eNewsletters.