Are compliance regulations failing healthcare?
Financial institutions suffer more data breaches than healthcare organizations, right? Wrong. It's healthcare, by a factor of roughly three to one.
A recent report from the Identity Theft Resource Center (ITRC) showed that healthcare organizations disclose more breaches than any other industry. According to the ITRC, healthcare organizations disclosed 119 breaches this year through early August, compared with 39 in the financial services industry. Note that these are counts of publicly disclosed breaches, so each sector's notification obligations shape the numbers as much as its actual security does. Even so, the gap is striking. Why is this happening?
To start, let's acknowledge history: the financial services industry has always safeguarded valuable assets, such as money, gold, jewelry and documents. The traditional focus of healthcare is the patient. Securing patient data is a relatively new imperative, one that has been mandated through extensive regulation rather than grown from the industry's own practice.
In a way, these regulations are failing the healthcare industry. Today's cybercriminals change tactics faster than any regulatory process can follow. By the time a new class of threat is identified, written into a standard and made mandatory, it has already been exploited, the data has already been lost and the damage has been done. Compliance, by its nature, describes yesterday's threats.
Unfortunately, the traditional technologies for protecting content make matters worse: they operate as separate, uncoordinated systems that are expensive, hard to keep updated, hard to manage and ineffective against the most insidious threats. Compliance is a necessary step toward reducing breaches of confidential patient data, but it should be one part of a proactive, holistic security plan built on effective policies, employee education and the proper technologies.
First, create realistic content security policies. Start by learning how confidential information actually moves within your organization: which systems hold it, who handles it and over which channels it leaves the building. With that knowledge, put in place policies that control who may access data, how the information may be used and where it may be transferred, while also protecting the organization from malicious Internet threats. A policy that does not match the real workflow will simply be worked around.
Second, educate your staff to reinforce the established policies and help remedy broken or risky business processes. When in doubt, repeat the best practices. Hold a mandatory in-person seminar for employees at least twice a year to discuss the consequences of data breaches and the latest best practices, and use those sessions to surface the workarounds staff have adopted, since each one marks a process the policy has failed to accommodate.
Finally, adopt real-time content security technology that proactively protects your organization from the latest methods employed by cybercriminals. For effective protection and easier management, choose integrated security products that offer unified threat analysis, a unified management console and reporting, and flexible deployment options (software that you install on your own servers, appliances for peak performance, or cloud services that require no on-site hardware). Internal and external threats are ever-changing, so the technology should analyze web traffic in real time, categorize dynamic Web 2.0 content, block malware and prevent confidential data from leaving the organization.
The bottom line is clear: compliance regulations are necessary, but a holistic security plan is significantly more effective at protecting content in real time. And the cost of a data breach, whether it comes from a malicious intruder, a disgruntled employee or a simple mistake, can have lasting repercussions for the reputation of an institution built on years of excellent patient care.
Jim Haskin is senior vice president and chief information officer of IT security firm Websense.