When a company is hit by a cyber-attack, it’s embarrassing. It doesn’t matter if they took the proper precautions and were just unlucky: when one company is hacked and another is not, the company that hasn’t been hit is going to be more attractive to customers no matter what. Don’t believe it? Check out our post on how far a company went just to steal Minecraft servers from another one. But when you handle something as sensitive as someone’s medical history, a cyber-attack will lose patients’ trust faster than you can say HIPAA. Oh, and HIPAA fines won’t be the only thing draining your bank account.
Protenus, a company that specializes in healthcare data privacy, released a report that examined how much cyber-crime costs the healthcare industry. If you have a weak heart or a light wallet, you might want to stop reading, because their report isn’t pretty.
According to Protenus, each year the healthcare industry shells out a whopping $6.2 billion due to data breaches. Seem unbelievable? Just wait till you hear the numbers behind that $6.2 billion.
The first step is forensics. Healthcare providers have to find out how the breach happened, what the damage is, and what data was accessible. On average that costs a healthcare organization $610,000.
Remember that part about losing patients’ trust after a breach? That’s where the breach notifications come into play. Healthcare providers have to not only notify patients but also set up services that will answer all their questions and monitor for signs that a patient’s information is being used.
For example, that would mean setting up a system to monitor credit scores for drops. On average, that costs a healthcare organization $560,000. But that’s chump change compared to what comes next.
It doesn’t matter how a lawsuit is handled by the affected patients; the costs will skyrocket from this point on for healthcare providers. On average, providers spend $880,000 on legal fees resulting from a breach.
And if that wasn’t enough, we haven’t even gotten to HIPAA yet. On average, HIPAA fines resulting from a breach are around $1.1 million. But believe it or not, that’s not the biggest cost healthcare organizations face after a breach.
The report estimates that healthcare providers lose, on average, $5.7 million in business. Hard to believe? Protenus’ report says that 54% of respondents say they would switch healthcare providers if there was a data breach.
There is a grain of good news here though.
The report also says that, on average, it takes an organization 200 days to recognize a threat in the network, if it’s recognized at all. Each day a hacker has access to a network is a day they burrow deeper inside and gather more data as it is created. Even cutting that number in half could make a major difference in the number of people affected by a breach.
There’s a reason that number is so high, though. Hackers are incredibly adept at going unnoticed. Protecting yourself and your organization won’t be easy, but that’s the reason you have to completely commit to cybersecurity if you’re going to commit at all. If you aren’t ready to do everything within your power to stop cybercriminals, then you might as well do nothing at all, because you can bet that the hackers will be more than willing to do whatever it takes to get your data and money.
Completely committing means more than just hiring someone to take care of your security. It means taking the time to research security practices and the qualifications of IT professionals so you don’t waste your own time and money. You know what you have to do. The only question now is if you’ll actually do it.