Do you know how much a potential security breach can cost? It may be more than you think. Risks are always present and constantly changing, which is why you need to stay in compliance with current laws and regulations.
A recent research study conducted by Ponemon in June 2016 found that “the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year’s study.”
However, healthcare organizations had an average cost of $355 per record breached, which is more than double the overall average. The cost per record is so high because of the damage that can be done with stolen personal health information. If a credit card is breached at the merchant level, it is usually quite easy to track down where it happened. With stolen personal health information, tracing becomes trickier because of the large number of third parties involved and the many hands the data passes through. Many of them are unknown to the patient.
Often, after ePHI has been breached, it ends up for sale on the black market. Stolen ePHI is more valuable because it contains data that can be used continually, unlike a stolen credit card that gets deactivated once the theft has been discovered. You can’t do that with someone’s personal health information: there’s no deactivation switch for your Social Security number, address and other highly sensitive, personally identifiable information. A good example of how it’s sold on the black market is available at Brian Krebs’s site.
So what you need to ask yourself is:
Is the cost to mitigate the risk less than the cost to remediate a breach?