Protect Patient Data: The Cost Of A Data Breach In Healthcare

If the cost of boosting your healthcare organization's cybersecurity seems prohibitive, you may want to consider just how expensive it would be for your company not to be adequately prepared and protected.

Even smaller organizations face an enormous threat from security breaches. The global average cost of a data breach is $4.45 million, according to IBM, and the cost goes beyond financial impact. At one time, it was reported that 6 in 10 small businesses were unable to survive data breaches and closed within six months after an attack.

For highly regulated industries such as healthcare, the potential repercussions are too big to ignore. In this article, we dive into the data to help clarify just how costly a realized threat to your cybersecurity can be and what can be done to protect your bottom line (and your patients). 

Understanding the Potential Costs of Data Breaches for Healthcare Organizations

According to leading data breach reports, including a 2020 report recently released by IBM Security, the healthcare industry incurs the highest average cost of data breaches—to the tune of $7.13 million per incident. This is up by 10 percent compared to just one year prior.

The implication is that the financial impact of these cyberattacks is only getting bigger—especially given the increasing use of telemedicine and remote patient-provider technology. 

As many experts note, these costs have direct and indirect impacts on healthcare companies that can be felt for years, even long after a breach has been rectified. 

Why the prolonged impact? One reason could be the target of such attacks. Around 80% of data security breaches within all industries involve the theft of clients' personal information. It's the most expensive type of data breach to fix, but it also has a major negative impact on the reputation of healthcare companies—companies who generally pledge to "first, do no harm." By lowering public trust and reputation, a data breach can easily drive a healthcare company's profit margins and future business down.

Beyond the direct costs of correcting a cyberattack and the indirect costs of damaged brand reputation, there are still other costs to data breaches that any healthcare company should consider. For example, cyberattacks often lead to legal fees, third-party fees, and victim restitution fees that organizations must deal with. While the use of cybersecurity insurance can offset many of these costs, it's in the best interest of healthcare organizations (and their patients) to avoid the need to file such claims in the first place.

Additionally, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has even begun paying out settlements as a result of ransomware attacks that violated data protection regulations.

It's no wonder healthcare companies are projected to invest $125 billion in cybersecurity efforts over the next five years. 

Protecting Against Cybersecurity Breaches: What Healthcare Companies Should Know

Why are these breaches happening? The recent IBM Security report found that for healthcare companies, half of all data breaches were a result of malicious attacks, 27 percent were due to human error, and the rest were due to system glitches. With this in mind, here are a few top priorities information security officers and other healthcare management leaders should focus on: 

  • Being aware of a company's particular risks and areas of vulnerability 
  • Monitoring and updating software systems regularly and backing up data as appropriate
  • Using best practices for passwords 
  • Developing a risk management plan that complies with HIPAA following a risk analysis
  • Implementing employee training and establishing a company culture of digital safety
  • Utilizing leading-edge technologies, such as two-factor authentication, as appropriate
  • Accounting for the increased use of mobile devices and telemedicine technology 

If it sounds like a lot to implement, consider consulting with a cybersecurity expert team who can help you allocate your resources effectively and ensure your community is adequately protected.
