Still, hospitals and insurance companies aren't necessarily more vulnerable than banks and government entities. Miten Marfatia, the CEO of the IT solutions provider EvolveWare, tells me that no matter what industry, vulnerability depends on the type of systems they have. "The older the system, the more vulnerable it is to cyberattacks," he says. The fix to this seems obvious—update software regularly to prevent breaches—but not enough healthcare companies understand the issue.

"Advanced cybersecurity defenses are still a relatively new idea to many healthcare organizations," said Greg Kazmierczak, the CTO of data-security company Wave Systems Corporation. "Big banks and large financial firms, on the other hand, have been dealing with these issues internally and in the public eye for the past decade or so with the large-scale breaches of JP Morgan and Bank of America."

In other words, as more attacks happen, more victims will beef up their cybersecurity. So, with the Premera breach, it's the healthcare industry's turn to rethink data security.

Medical data is also becoming a highly lucrative target. "Financial data has always been a priority, because it's low-hanging fruit," Calhoun says. "But over the past couple of years, we've identified that medical information has a higher value on the black market than credit card information."

This, he says, has more to do with what a person whose data has been accessed can do. When it comes to financial data or stolen credit cards, for example, people can take steps to cancel their cards and prevent identity theft. With medical data, no such contingency plan exists, as companies continue to figure out how to respond both quickly and efficiently to cyberattacks.

For now, both Anthem and Premera have consulted the cybersecurity company FireEye Inc. to investigate their vulnerabilities. Laura Galante, FireEye's threat intelligence manager, told me that as more of these breaches occur, healthcare insurers have gained, as she puts it, "a new appreciation for advanced threats intent on compromising their networks."

Yet it's not just about fortifying security against potential hackers, she says. Replacing or updating security systems is important, but when these data breaches occur, they test patients' trust in the healthcare industry. This means that hospitals and health insurance companies need to better communicate to their patients and customers about how their medical data is protected in the first place.

"Historically, companies have to be adept to buying the latest technology," Galante said. "But this problem goes beyond that."

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.