Photo credit: Getty/TCmake_photo
The healthcare industry should heed cybersecurity lessons from the banking industry--where even when breaches happen, application of consequences is swift and confident, according to Niam Yaraghi, a fellow in the Brookings Institution's Center for Technology Innovation.
Currently, Yaraghi says in a post at U.S. News and World Report, the healthcare industry suffers an attack and goes directly into panic mode.
Instead, he says, it must, like the banking industry, work to prevent risk up front. Additionally, Yaraghi says, the healthcare industry must reduce the consequences for victims when an attack does occur.
“The banking sector has mastered the art of mitigating the consequences of privacy breaches,” he says. “Immediately after the breach of credit card data, all affected consumers are notified, their old credit cards are frozen and new ones are issued. The process is so quick and efficient that consumers often face considerably less harm from a credit card data breach.”
The healthcare industry, however, has neither the right strategy nor the technology to respond to breaches in a similar fashion, according to Yaraghi.
The attacks on the industry are constantly evolving. Just this month, FierceHealthIT reported that a cyberattack on Banner Health that initially impacted systems that process payment card data at food and beverage outlets ultimately led to patient and health plan member information being compromised.
To better addresses such attacks, Yaraghi says the industry must know what data the hackers want and how it could be used. Once healthcare entities know all the incentives behind the attacks and why the hackers want certain information, they can better design solutions to keeping data safe.
That includes, he adds, leaning on the expertise of agencies such as the FBI or the Health and Human Services' inspector general. They “can also shed considerable light on other ways through which criminal organizations use stolen medical data to commit fraud.”
To learn more: