[ Wednesday, August 29, 2007 ]
Bad Security = Bad Publicity:
On a slightly different point than my usual screed (that it's financial/identity data that the bad guys want, not medical data), I've also noted that the biggest risk from most data breaches isn't that the information will be stolen and misused, it's that the company that allowed the breach (and didn't proactively manage the post-breach resecuring and mitigation process) will suffer a bad PR black eye.
Face it, if you come into the office one morning and find that your laptops and computers have been stolen, it's probably not Jason Bourne of MacGyver taking the hardware to data-mine it. The odds are very, very long that such a data breach would result in a patient suffering identity theft or some other problem. However, it the patient thinks
you're being cavalier with their data and it looks like
you aren't exercising good security, that will be enough to impact the reputation of your business. At least that's what people say in this InformationWeek article
Jeff [11:07 AM]
Blogger: HIPAA Blog - Edit your Template