2016 was a record-breaking year for cyber criminals, with Bloomberg reporting a 40% increase in attacks over the previous year. That year also brought a bigger target on the back of the healthcare industry with over 16 million patient records stolen in the U.S. alone. As we approach the end of 2017 we must recognize these attacks prompt a need for a complete modernization of the industry’s cyber security protocols, including a thorough review of their cyber liability insurance policies.

The healthcare industry is the second largest victim of cyber attacks, second only to the lucrative financial industry. The WannaCry breach was 2017’s biggest plunder. The U.K.’s National Health Service (NHS) was hit hardest by this ransomware, but U.S. hospitals did not get away scot-free, and even pharmaceutical giant Merck fell victim. This widespread healthcare industry attack is thought to have been perpetrated with malicious e-mail attachments innocently downloaded by hospital administrators and doctors.

The level of risk for the healthcare industry is not only dangerously elevated but its consequences are particularly frightening. Rather than simply gaining access to credit card information or other financial data, many attacks in this sector are planned purely for chaos, whether by amateurs or by foreign enemies. Some criminals may hack into medical devices, like robotic surgery tools, pacemakers, and insulin pumps. Others may encrypt patient information in order to demand a ransom.

But there is another key reason criminals target the medical industry for cyber attacks. The medical field is notoriously slow to upgrade its IT strategies, often having cyber security policies a decade or more out of date. With the rise of electronic patient records, the out-of-date security is egregiously negligent. Many blame the lack of funding in public systems or the bureaucratic approach to cost-cutting, but whatever the cause, the industry needs awareness and practical solutions immediately.

One of the best and most affordable solutions for today’s healthcare environment is a well-chosen cyber liability insurance policy. While prevention through a comprehensive cyber security strategy is necessary, it is still fallible, That makes having a cyber liability policy a must. Even the best-funded IT security can be breached, but having cyber liability insurance in place can help keep hospitals, doctors offices, and other vendors from facing bankruptcy following an attack. With the threat against healthcare services expected to continue climbing, there is no excuse to wait.