As hospitals shift their security efforts, healthcare data security is in transition. External hackers are less of a concern these days than insiders snooping on electronic medical and financial records. Hospitals are exchanging more data with small physician practices that may not have adequate safeguards in place, while mobile devices are extending networks far beyond institutional walls. Plus, federal privacy and security standards are getting stronger, as are the penalties for violating those rules. "Your biggest [threats] are internal," Terrell Herzig, information security officer for the University of Alabama at Birmingham Health System, said at a health IT conference in Atlanta. Employees have been known to take unauthorized peeks at the records of VIPs such as local celebrities or prominent citizens, and with more than 50 million uninsured. Americans, there is a thriving black market for stolen and fraudulent health plan identification numbers.