Gallagher sees a healthcare industry facing ever more sophisticated and persistent threats from one-off hackers and nation-state attackers who stow patient data for future use.
"I don't think we were prepared," said Gallagher, who was formerly senior director of cybersecurity at HIMSS.
One of the more common attacks against healthcare providers involves the use of ransomware, where patient records or hospital networks are hacked and subsequently locked down until a ransom is paid, typically in untraceable electronic currency, such as bitcoin.
This week, for example, a hacker claimed to have stolen databases from three U.S. healthcare organizations and one insurer and is holding 10 million patient records for ransom, demanding as much as $500,000 in bitcoins.
[Image: the offer to sell 9.3 million patient records on the Dark Net. Credit: Cymmetria]
In February, a Los Angeles hospital paid nearly $17,000 in bitcoins to hackers who disabled its computer networks.
Hackers don't focus solely on hospitals and insurers; they also go after affiliated vendors who service the industry.
Today, for example, Massachusetts General Hospital (MGH) announced that almost 4,300 patients had their healthcare records exposed when "a trusted third-party vendor" that provides software to manage dental practice information for providers had its databases hacked.
CenturyLink, a worldwide communications company headquartered in Monroe, La., is currently tracking 150 variants of ransomware, the most common delivery method being large-scale email campaigns. Some reports indicate that there are more than 300 million malware strains.
"I really think in terms of ransomware, the stories about hospitals paying the ransom are spreading among attackers, letting them know that they're a successful place to attack," said Cory Kennedy, lead information security engineer at CenturyLink.
Defending against ransomware can be relatively simple: healthcare providers, insurers or affiliated vendors need only keep current backups offline, Kennedy said. When an attack does occur, the backups can be used to restore the data.
Healthcare organizations have also been slow to educate employees about the dangers of cyberattacks, and to manage who in an organization has access to critical systems that store sensitive data.
However, while healthcare entities can become more proactive about security, cyberattacks will only grow more sophisticated. For example, hackers recently deployed a phishing attack against Amazon Prime users that was disguised as shipping confirmation emails.
Another new development came when hackers were able to disguise ransomware links in a way that makes the links look legitimate when a victim hovers a mouse pointer over them, Kennedy said.
"I think attackers will continue to do what they do, looking for holes," Kennedy said.