Presuming this study is undertaken once again in two years' time, Lapidus predicts "the big theme is still going to be mobile" in 2014. "Everybody is still getting their head around it."

Even on the off chance that smartphone privacy and security is solved tomorrow, after all, "mobile in 2014 is going to be very different – and a whole lot more complicated."

Bottom line, organizations "have to figure out how they'll respond" to myriad security threats, on many different fronts.

Of course, it won't be easy.

Health providers "have a lot coming at them," says Lapidus. "They've got meaningful use, they've got EHR implementations, they've got HIPAA requirements" – to say nothing of their normal, day-to-day business of caring for patients.

All that said, "I wouldn't be so quick to give a pass because people are busy," he says. "Then that could be the universal excuse for everything. There is a responsibility for these organizations to protect patient data."

For a copy of the "2012 HIMSS Analytics Report: Security of Patient Data," visit krolladvisorysolutions.com.