The threats vary, from worms and viruses that are adrift on the Internet, all the way up to nation-state attackers. But in healthcare, it's the professional criminals who keep me up at night. They've got time to figure out what your organization is doing wrong, and exploit those vulnerabilities for profit. We've already seen this pattern in the industry.
We have yet to see how theft of medical information will be used. The possibilities are many: wholesale medical fraud, blackmail, device hacking, and more. Healthcare organizations are still playing catch-up against the current generation of cyber attacks, so unfortunately, I think it may get a little worse before it gets better. The challenge now is adapting knowledge from other industries—government, defense, financial—so healthcare can come to the cyber defense level it needs, in a cost-effective manner.