A data centric approach can mitigate the argument of whether threats are caused more by rogue insiders or malicious outsiders. It simply will not matter. The real question for medical facilities now is how to best concentrate IT security efforts on protecting EHRs.