BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Consumers Take Their Business Elsewhere After a Data Breach

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 23 Oct 2013 01:01:12 -0600
http://www.infosecurity-us.com/view/35207/consumers-take-their-business-elsewhere-after-a-data-breach-/

The costs of data breaches have been well-documented when it comes to
remediation and consulting costs, but the more qualitative fallout from a
breach, like the impact to brand identity, is harder to pin down.

But a new survey reveals that two-thirds of US adults would not return to a
business if their personal information were stolen – and provides insight
into what types of businesses consumers would most likely stop patronizing
if their confidential information was stolen.

“With every data breach comes a cost, including lost productivity, a
damaged reputation, and most importantly, decreased revenue when customers
take their business elsewhere,” said John Otten, marketing manager at
Cintas, which commissioned Harris Interactive to carry out the survey.
“This research confirms that by failing to make security a priority,
businesses can discourage once-loyal customers from returning. It could
also stop potential customers from ever patronizing your business.”

When asked which types of organizations patrons would stop doing business
with if their personal data were compromised, respondents named banking,
healthcare and lawyers as being under the most scrutiny. More than half
(55%) said that they would change banks, which is no surprise. And 39% said
that they would get a new lawyer. But healthcare is really under the gun
for consumers, likely because of the sensitive nature of the personal
information that could be compromised: 46% said that they would switch
insurance companies, 42% would go to a different drug store/pharmacy and
40% would get a new doctor or dentist. A full 35% said that they would not
return to their hospital.

Charitable giving was another at-risk area for brand impact after a breach.
Consumers want to know their money is safe and going to where it is
intended when they give to a cause. Accordingly, 38% said they would donate
to a different charity/non-profit organization, while 24% said that they
would no longer donate to their alma mater or another educational
institution they attended in the event of a breach.

The survey comes as data breaches continue to be reported, and are being
perpetrated via a number of vectors. And yet, organizations’ responses
persist in their lack of brand-equity damage control. For instance, 729,000
patients’ data may have been compromised after two password-protected
laptops were stolen on October 12 from Alhambra Hospital Medical Center
(AHMC) in Alhambra, Calif. The laptops had been guarded and gated by a
security team with video surveillance, but the thieves made off with them
anyway.

The Los Angeles Times reported that the breach included patient Social
Security numbers as well as their names, Medicare/insurance identification
numbers, diagnosis/procedure codes and insurance/patient payments.

The breach affects AHMC patients that were treated at Garfield Medical
Center, Monterey Park Hospital, Greater El Monte Community Hospital,
Whittier Hospital Medical Center, San Gabriel Valley Medical Center and
Anaheim Regional Medical Center. “We regret any inconvenience or concern
this incident may cause our patients,” AHMC said – which, given the survey
results, is unlikely to cut it with its consumers.

Meanwhile, a former Broward Health Medical Center employee took documents
containing the personal information of nearly 1,000 patients from the Fort
Lauderdale health system, it said this week. The records contain names,
addresses, dates of birth, insurance policy numbers and the reasons for
visiting – a potential jackpot for identity thieves.

According to the Sun Sentinel, about 960 patients, treated between October
and December 2012 at Broward Health's main facility, are being notified via
letters. These simply alert them that their registration documents had been
"inappropriately removed."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: