Driven by increased attacks from criminal hackers, and pervasive regulations, healthcare organizations in the U.S. are encountering numbingly complex issues when it comes to data security. Healthcare data is more desirable to criminal hackers than ever. While a stolen credit card is valuable only for a limited time (and has a correspondingly lower value), PHI and electronic medical records (EMR) contain immutable personal data that can and does fetch hundreds of dollars per stolen record on illegal online markets. U.S. healthcare organizations are also beset with an intricate web of compliance requirements with the HIPAA/HITECH act only the tip of the iceberg. Federal and state privacy laws, Electronic Prescriptions for Controlled Substances (EPCS) as well as US Food and Drug Administration (FDA) requirements are among others requiring healthcare organizations’ compliance.