This article is the second in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, that highlights the financial impact of a cyber-breach for healthcare organizations and why it is so important to protect your healthcare data.
The impact from a healthcare breach has wide and significant impact to a healthcare organization, both small and large. Here are some examples of the costs associated with healthcare breaches:
- Negative media/publicity is one of the first and possibly the most devastating negative impacts of a healthcare breach – current and potential customers will be unlikely to use a healthcare organization that cannot protect their sensitive information, particularly ePHI.
- The Cost to Remediate the breach is often the second noticeable impact of a breach.
- First there is the Triage Costs of the breach itself – bringing in forensic teams to investigate the breach – the how, what, and where issues; implementing business continuity and back-up plans; and bringing in extra IT staff to restore/repair corrupted data and implement the necessary security safeguards.
- Second, there are the Clean-up Costs for all of the identities of the people affected by the breach. The estimated cost to clean-up such records is around $18,000 per individual.
- Consumer class action lawsuits are often the next cost of a breach. Target and Home Depot are contending with numerous consumer class action lawsuits (Target: 140+ and Home Depot: 44) while Healthcare insurer Anthem is just beginning to see consumer lawsuits being filed in numerous states. Target has recently offered a proposed settlement of $10 million for their class action lawsuits.
All of the items above will lead to lost revenues, increased costs, and reduced profits.
- There is one more cost to a healthcare breach – HIPAA Fines, which can range from $100 to $50,000 per breached record, depending upon the level of HIPAA compliance and awareness of HIPAA privacy and security requirements by the healthcare organization.
As healthcare organizations become more automated, connected to the internet, and implement more EHR/EMR systems and other electronic data exchanges, the opportunity for cyber breaches will only increase.
Next week’s article will discuss what you can do to reduce the possibility of a cyber-security breach and how you can protect your organization now. At the end of this series on cyber security breaches, Third Rock will be a special offer for those organizations ready to improve their protection against cyber-breaches.
For more information on Third Rock’s Worry-Free Compliance, please visit us at: www.thirdrock.com.