Healthcare data breaches are costing the U.S. healthcare industry nearly $6.2 billion each year. (2) In fact, healthcare has the highest cost per breached record of any other industry. Why? Healthcare is extremely attractive to hackers because medical records include everything they need such as: names, Social Security numbers, date of birth, credit card information, insurance information, protected health information (PHI) and more.
For both patients and organizations, the costs involved with a healthcare breach are astounding. Victims of medical identity theft spend on average $20,000 in out-of-pocket expenses. (2) What is more difficult to equate is the additional consequences such as damage to credit, financial stability, loss of insurance, or worse receiving the wrong type of care due to tampered medical files.
Healthcare organizations spend roughly $1 million per year, per firm, on data breaches. (2) However, this number varies greatly. According to industry reports, Anthem spent nearly $100 million from a data breach in 2015, and the costs keep coming. (4) Though, industry experts have placed the cost per breached record at $402, what is harder to measure is the other costs involved such as reputational damage, financial impact, legal and regulatory repercussions, operational expenses and clinical considerations. One report on Becker’s Hospital Review estimated the real cost per breached record at nearly $700 per medical record. The report measured and provided further detail on the true costs involved with each category (1):
In today’s healthcare landscape, most organizations cannot afford a costly data breach. Which is why prevention is often the best defense. Healthcare organizations should conduct a risk analysis and implement the necessary safeguards and controls. It is also important to prepare a data breach response plan, to ensure readiness to meet notification requirements and industry regulations should a data breach occurs. Taking these important steps can help reduce the potential of a data breach occurring and help avoid costly fines, lawsuits, reputational damage, and loss of patients.
References: