Few would argue that hospitals suffer a hit to their reputation whenever they suffer a well-publicized data breach. Apparently, one of their key methods for re-establishing their brand is to hike up their advertising expenditures, a new research study has concluded.
The study, which appears in The American Journal of Managed Care this month, examines the relationship between data breaches and hospital advertising investments. The research team built the study on a sample of nonfederal acute care inpatient hospitals gathered from traditional media outlets between 2011 and 2014.
After conducting their review, the researchers isolated 72 hospitals which had experienced a data breach during that period, for reasons which included theft, loss, unauthorized access/disclosure, improper disposal of records and hacking.
The research team concluded that a data breach was associated with a 64% increase in annual advertising spending among the affected hospitals, which were more likely to be large, teaching and urban relative to the 915-hospital control group. The increased spending persisted for two years after the breach.
As it turns out, spending more on advertising could prove to be a smart move. The study cites other researchers’ findings that data breaches in hospitals are associated with decreased outpatient visits admissions over the long run. Hospital leaders have little choice but to fight for their remaining patients and attract new ones once a breach is made public.
That being said, these results leave me hungry for data that they don’t include. After all. trends in ad spending don’t tell the whole story here. It would be more interesting if the study found a way to measure the strength of the hospitals’ brand before and after news of a high-profile data security breach hits the press.
More importantly, I’d like to know whether hospitals spend significantly more on security post-breach. On the surface it seems like a no-brainer that you discover a breach and determine what caused it, you invest more in an effort to prevent it from happening again. Unfortunately, it can be tricky to get fine-grained data on hospital security strategies given their fears about tipping off future attackers.
The reality is that it’s much easier to estimate what hospitals spend on advertising, marketing and PR post-breach than gain any real insight as to what went wrong. We can watch hospitals scramble to cover their tracks after such an incident, but we seldom get to learn from their security mistakes.
By all means, let’s track how hospitals reestablish their brand post-breach. But let’s also work on finding ways to make it safe for hospitals to share more on their breach prevention efforts. Knowing that they’re willing to spend money to apologize to their patients just isn’t good enough.