The cost of a data breach

How much would a data breach cost your organization? The latest stories to hit the headlines show the severe financial impact of a breach. Community Health Systems, Inc. (CHS) is one of the companies to have attracted negative press, after the organization reported the second-largest breach of health records that has ever occurred. So just how much could the financial fallout from a data breach cost you, and how does a lack of prevention cause costs to spiral for the healthcare industry in general?

Financial Costs of a Data Breach

To put the financial damage of the CHS incident in full perspective, Forbes recently completed an analysis that estimated the total magnitude of the CHS breach (which affected 4.5 million patients) could reach between $75 and 150 million.

The Forbes estimate included financial ramifications ranging from:

  • recent Office for Civil Rights (OCR) monetary penalties for other large breaches
  • identity theft protection and credit monitoring for affected patients
  • lawsuits and settlement costs from pending class action litigation
  • insurance fraud costs that might hit Medicare, Medicaid, and private insurance companies.

Sanctions imposed by OCR are typically the most visible financial losses in the healthcare industry when a breach occurs. But the CHS breach, and the subsequent Forbes analysis, is a great window into the financial domino effect that lapses in protecting sensitive health information can have for an organization and society at large.

Additional Damage

None of this takes into account the additional cost of reputational damage resulting from a highly publicized breach, including lost customers, damaged partnerships and eroded brand equity. The effects of this damage can often be more difficult to recover from than the financial cost.

Are You Prepared?

With medical ID theft on the rise, and the increasing prevalence and sophistication of cyber crimes, healthcare companies all stand at a crossroads. You’re either ready, or you’re not.

If you’re not sure where you stand, or where to start, we’d recommend committing to a Clearwater Information Risk Management BootCamp™, where you can learn security risk analysis fundamentals, as well as key insights from industry leaders, hard-won lessons learned and practical tools for Risk Analysis and Risk Management.

If you’re looking to make a more compelling case to your organization’s leadership to invest in a more robust approach to information risk management, I’d encourage you to download a free publication called The Financial Impact of Breached Protected Health Information. This resource, provided by The American National Standards Institute (ANSI), provides an excellent overview of data breach issues and includes tools for calculating the cost of a breach in your organization.

Use this tool in tandem with recent headlines, such as the CHS breach, and you’ll have the ammunition you need to demonstrate the importance of a deeper commitment to identifying and managing key risks across your enterprise.

Register for one of Clearwater’s complimentary webinars on risk analysis and risk management basics and get to grips with these issues and more.

Michelle Caswell

Senior Director, Legal & Compliance at Clearwater Compliance
Michelle Caswell has over 14 years of legal and healthcare experience and worked as a HIPAA Investigator for the U.S. Department of Health and Human Services, Office for Civil Rights, where she ensured covered entities were in compliance with HIPAA, conducted complaint investigations and educated entities on HIPAA compliance. Michelle brings that experience to Clearwater Compliance as Senior Director, Legal and Compliance.