The risk of a data breach comes in two parts, the probability of a breach and the consequence if the breach happens, but mitigating consequences is an area in which the healthcare industry falters, according to Niam Yaraghi, PhD, a fellow in the Brookings Institution's Center for Technology Innovation.
In a contributed piece to U.S. News, Dr. Yaraghi suggests healthcare organizations tend to focus more on preventing security incidents rather than handling the fallout once a breach occurs.
He compares the healthcare industry to banking, which he says "has mastered the art of mitigating the consequences of privacy breaches." After a breach of credit card data, consumers are immediately notified, their cards nullified and they receive new ones. "The process is so quick and efficient that consumers often face considerably less harm from a credit card data breach, especially because many credit card issuers now provide fraud liability coverage to their consumers and insure them against fraudulent charges."
That is not so in healthcare. Dr. Yaraghi characterizes the aftermath of a healthcare data breach as consisting of "panic, mandatory reporting and in some cases, provision of identity theft protection." He writes healthcare organizations don't have a viable strategy or technology to reduce the ramifications of breaches.
To address this gap, Dr. Yaraghi indicates the industry must first understand how hackers could use breached data. Only then will the industry be able to best figure out how to prevent such incidences from occurring. "To block a road, one should first know where the road is located," he wrote.
By understanding how hackers want to use stolen data, stakeholders will be better prepared to protect it, Dr. Yaraghi concluded.
More articles on data breaches:
Banner Health may face 3 new lawsuits after security breach
Why one security expert gives Banner Health's handling of its breach a 'C-minus'
Athens Orthopedic Clinic won't provide credit monitoring following breach affecting 200k patients