This entry is part 46 of 60 in the series HIPAA Security Risk Analysis Tips

New Study Estimates Data Breaches Cost the Healthcare Industry $5.6 Billion Annually

A newly released study from the Ponemon Institute underscores the major areas of risk healthcare organizations face when trying to safeguard protected health information (PHI) and uphold the requirements of the HIPAA-HITECH law. The full study is linked here.

According to the Fourth Annual Benchmark Study on Patient Privacy & Data Security, criminal attacks on healthcare systems have risen a startling 100% since the first study was conducted in 2010, four years ago. Additionally, healthcare employees are fueling breach risk through increased use of their personal, unsecured devices (smartphones, laptops and tablets). The vast majority of Business Associates—those that have access to PHI and work with Covered Entities—are not yet in compliance with the HIPAA Final Rule.

Despite a slight drop in the number of data breaches overall, such incidents are costing some healthcare organizations millions of dollars every year. While the cost of an incident can range from less than $10,000 to more than $1 million, the Ponemon study calculates that the average cost for the organizations represented in this year’s benchmark is approximately $2 million over a two-year period.

Based on the experience of the healthcare organizations in the benchmark, the study’s authors estimate that the potential cost to the healthcare industry as a whole could be as much as $5.6 billion annually.

Is your organization at risk of becoming a data breach statistic? Have you done all you can to identify areas of risk within your HIPAA compliance efforts? And do you, and your organization’s C-suite, understand the potential financial impact? Here are a few tools to help you answer the tough questions:

  • Risk Analysis Whitepaper: “Risky Business: How to Conduct a Bona Fide HIPAA Security Risk Analysis” will help you better understand and act on the specific Risk Analysis requirements included in the HIPAA Security Final Rule, as amended by the HITECH Act. Click here to download.
  • PHI Protection Network (PPN) Conference: A group of leading information privacy and security professionals will convene in Anaheim, California on Thursday, April 10, 2014 to share best practices and determine how healthcare organizations can more effectively safeguard protected health information. Interested participants can register here.
  • PHI Value Estimator Tool: Produced as part of a study by ANSI (whose leaders then launched the PHI Protection Network), this tool will help you estimate the overall potential cost of a data breach to your organization and provides a methodology for determining an appropriate level of investment to strengthen your privacy and security measures. Click here to learn more.
  • HIPAA Compliance Software: Learn about software tools and consulting services that help your organization take a methodical and comprehensive approach, one that strictly follows the HHS/OCR guidance for Security Risk Analysis and harnesses the NIST risk assessment processes. Click here for a “by-the-book” approach to risk analysis.

Please avail yourself of any of these free resources, which you may access now through the links listed above.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities on healthcare information security today. As a leading authority on safeguarding health data, Chaput has supported hundreds of hospitals and health systems in managing healthcare’s evolving cybersecurity threats and ensuring patient safety.