How much would a data breach cost your organization? The latest stories to hit the headlines show the severe financial impact of a breach. Community Health Systems, Inc., (CHS) is one of the companies to have attracted negative press, after the organization reported the second largest breach of health records that has ever occurred. So just how much financial fallout could a data breach cost you, and how does a lack of prevent spiral costs for the healthcare industry in general?
Financial Costs of a Data Breach
To put the financial damage of the CHS incident in full perspective, Forbes recently completed an analysis that estimated the total magnitude of the CHS breach (which affected 4.5 million patients) could reach between $75 and 150 million.
The Forbes estimate included financial ramifications ranging from:
- recent Office for Civil Rights (OCR) monetary penalties for other large breaches
- identity theft protection and credit monitoring for affected patients
- lawsuits and settlement costs from pending class action litigation
- insurance fraud costs that might hit Medicare, Medicaid, and private insurance companies.
Sanctions imposed by OCR are typically the most visible financial losses in the healthcare industry when a breach occurs. But the CHS breach, and subsequent Forbes analysis, is a great window in to the financial domino effect that lapses in protecting sensitive health information can have for an organization and society at large.
None of this takes into account the additional cost of reputational damage resulting from a highly publicized breach, including lost customers, damaged partnerships and eroded brand equity. The effects of this damage can often be more difficult to recover from than the financial cost.
Are You Prepared?
If you’re not sure where you stand, or where to start, we’d recommend committing to a Clearwater Information Risk Management BootCampTM where you can learn security risk analysis fundamentals, as well as key insights from industry leaders, hard won lessons learned and practical tools for Risk Analysis and Risk Management.
If you’re looking to make a more compelling case to your organization’s leadership to invest in a more robust approach to information risk management, I’d encourage you to download a free publication called The Financial Impact of Breached Protected Health Information. This resource, provided by The American National Standards Institute (ANSI) provides an excellent overview of data breach issues and includes tools for calculating the cost of a breach in your organization.
Using this tool in tandem with recent headlines, such as the CHS breach, and you’ll have the ammunition you need to demonstrate the importance of a deeper commitment to identifying and managing key risks across your enterprise.