From what I have been hearing, IT security professionals are tired of reading the headlines about the next breach being the “wake-up call.” Yes, more needs to be done and no one is denying that. The problem is that a) there might only be so much that folks can do, given financial and people restraints and b) given that the healthcare industry is so vulnerable to attacks due to its valuable data, hackers will find a way if they want to.
The key is to limit the damage they can do, make them work harder than they want to, and protect yourself as much as possible. Unfortunately, as with many things, sometimes you can only control so much. Last week I was at the IHT2 Health IT Summit in Miami, Fla., and during a panel discussion on data security, one HIPAA security officer compared an attack to having a party in your home. As people walk in, you want to know if they were invited, so you have someone who greets them at the door. Now, your guests cannot go into the bedrooms. But if they do get there, they can't get to the safe. If they do get to the safe, they can't get the combination to get inside it. The idea is to make them break multiple things, and the same holds true for hackers.
That being said, with this particular breach being one of the biggest ever in healthcare, it has certainly gotten the attention it deserves; Congressional leaders are concerned over the potential lack of protective measures in the industry. So to answer your question, yes and no—yes, this massive breach has gotten everyone’s attention, but for the reasons listed above, I do believe we will see more big breaches before we finally begin to really improve as an industry.