If a company gets hacked, is there someone chasing down the hacker? I’m not sure, but we sure jump on the victim; we beat them down by humiliating the person or company, fining them, and often putting them out of business.
Let’s apply this logic from a different perspective:
A liquor store gets robbed, and the thieves take everything in the safe at gunpoint. We would insist that the liquor store did not do enough to secure its customers' information and the money in the safe. We would post the name of the company on a government website. Scumbag attorneys would then start a class action lawsuit saying that the customers of the liquor store suffered damages, not from drinking its liquor, but because of the data that was stolen.
Does this seem like the right approach?
For the sake of transparency, I have been a software developer in the Life and Healthcare industry for most of my career. This is not an attempt to minimize the necessity of securing patient information or security. What I’d like to start a discussion about is who is actually responsible for data breaches. It seems to me that we allow the victim, in this case, any company that has data stolen, to be treated as the cause of the problem.
Most companies are caught in a dilemma: customers want their information easily accessible, yet that same data must be blocked from unauthorized individuals.
As a software developer, I’m aware of the many ways that a person with malicious intent can try to infiltrate a company’s systems.