
The High Cost of Security Breaches in Healthcare

08/13/2014  |  By: Jason Riddle, CISSP, President, Information Security


Data security breaches in healthcare are growing increasingly costly, yet some healthcare organizations cut corners or overlook threats, simply because they don’t understand the range and type of potential costs they face. In truth, costs from security breaches come in many forms—beyond the simple price tag of prevention. So what do these costs look like, and why are they so important to avoid?

Varieties of cost

Healthcare organizations that experience a security breach typically face three major types of costs:

  1. Disruption of operations. Sometimes a data breach is quiet and undetected, going on right under your nose while your business runs seemingly unaffected. But sometimes an intrusion can bring down your network altogether. Whether you are still operating or dead in the water post-breach, you’ll need to invest time and money responding and securing your data. Managing the unpredictability of recovery expense is one reason managed security solutions can make so much sense for healthcare organizations, allowing third-party security experts to monitor for intruders and respond to them as quickly and efficiently as possible.
  2. Fines for non-compliance. Over the last several years, the Office for Civil Rights (OCR) has ramped up enforcement of the HIPAA Privacy and Security Rules considerably. Stronger enforcement yields more frequent detection of non-compliance, and that means fines. In fact, in the aftermath of major data breaches, healthcare providers have paid out major multimillion-dollar settlements over potential HIPAA violations. Healthcare organizations sometimes dismiss penalties as “something that will never happen to me” -- but that’s no longer an option when deciding how to manage the cost of compliance. Today, it’s crucial to ensure that you’re in compliance to the best of your ability as the way to minimize the risk of penalties for potential violations. To add insult to injury, we’re now seeing the Federal Trade Commission (FTC) come in behind OCR in certain breaches and impose additional penalties and monitoring requirements. This “pile on” approach by regulators drives the cost of breaches higher and higher.
  3. Loss of consumer trust. Patient trust is an intangible asset, but it may very well be a healthcare provider’s single most valuable one. Consumers are increasingly concerned about privacy and data security -- and a high-profile breach will undoubtedly damage an organization’s brand and its profile within its hard-earned sphere of influence in the market, particularly if the response is slow or ineffective. If consumers hesitate to do business with you, based on either past breaches or a lack of confidence in your security measures, this can mean quick and serious loss of business in the future.

Responsible risk management

Disruptions, fines, and loss of trust are all causes for concern, and yet your security measures shouldn’t be based on fear. Instead, they should be based on a level-headed understanding of potential costs, options, and a thoughtful strategy. Managing security risk -- and the associated costs -- is a component of responsible business operations. A data breach might briefly disrupt your operations, or it might cascade into major settlements and a tarnished image. While the exact consequences of a breach can be difficult to calculate, the value of a robust security strategy is clear: it pays off by forming an important foundation for continuing your business.

Download our guide, “Breach: Network Security Best Practices for Prevention, Detection, and Response,” to help ensure your team is handling your IT security properly. On LinkedIn or Twitter? Follow us on LinkedIn and on Twitter at @lbmcsecurity. Learn more about how our team at LBMC Information Security can help your team armor up with a wide range of network defense services. Contact us today!