CareFirst: A Primer on Data Breach Response

Consultant John Reed Stark took a look at the CareFirst data breach, which made headlines last month but apparently occurred about a year earlier and may have compromised data of more than a million members. He puts it in context, noting that one survey has found that more than 90 percent of healthcare organizations have suffered at least one data breach over the past two years, and explains why data thieves find “PHI” (protected health information) such an attractive target. He then lays out step by step what he thinks CareFirst should have done immediately and should be doing now. “Data breach response for healthcare organizations is multifaceted, intense and costly,” he concludes, “but if handled correctly and appropriately, can be the kind of successful failure that not only strengthens a company’s cybersecurity infrastructure but also reinforces a  company’s commitment to customers, partners and other fiduciaries. Time will tell if this is the case for CareFirst.”