Recent discoveries, along with the recent drama over the Heartbleed bug, make me believe that in next few months we could see the largest leak of private patient information ever reported. Attacks against health IT systems are particularly concerning because so much personal data lives in an electronic health record. If hackers compromised such a system, they'd get contact and financial information, as well as lots of even more personal health data. Heartbleed, the recently exposed vulnerability in a very common version of OpenSSL, put pressure on many IT security professionals to roll out quick fixes. Unfortunately, backwards thinking in health IT, arguably one of the most important-to-protect arenas, leaves many vendors unprepared to respond quickly to bugs like Heartbleed.