Costs of a Healthcare Data Breach

Data breaches can cost more than an organization would think. IBM Security’s annual study analyzed data breaches and the financial impact associated with them. It was found that, on average, a data breach costs an organization $3.92 million. That’s an increase of 12% as compared to the last 5 years. There are many aspects of a data breach that can cost an organization money over the span of multiple years. The hidden costs of a healthcare data breach can be detrimental to an organization’s success and survival.

Breach Notification

In the healthcare industry, in the event of a data breach, organizations must alert affected individuals via mail. Depending on how many individuals are affected by the healthcare data breach, the cost of notification can be astronomical. In one such case the American Medical Collection Agency (AMCA) experienced a large-scale breach in which they had to send 7 million individuals breach notification letters, costing the organization $3.8 million. As a result AMCA has filed for Chapter 11 bankruptcy.

Hiring IT Professionals for Data Breach Response

Many small-mid sized businesses don’t have their own IT department. When an organization experiences a data breach, there are remediation efforts that must be implemented to ensure that another breach doesn’t occur. To close the security gaps, an organization may need to hire IT experts to address security issues. AMCA, for instance spent $400,000 to hire an outside IT firm to assist with breach response. 

Credit Monitoring and Identity Theft Protection

Under the Health Insurance Portability and Accountability Act (HIPAA), organizations that experience a data breach must offer affected individuals free credit monitoring and identity theft protection for 2 years. Credit monitoring can cost between $10 to $30 a month per individual. That means it would cost $240 to $720 for 2 years of credit monitoring per person. 

Reputational Impact

The negative impact on an organization’s reputation can be the most costly, and often overlooked, aspect of a data breach. Building a reputation can take years, but it only takes one incident to do permanent damage to an organization’s reputation. Organizations that are the victim of a meaningful breach, affecting more than 500 individuals, are posted to the Office for Civil Rights (OCR) wall of shame. Damage to an organization’s reputation can be detrimental, AMCA lost three of its’ largest clients as a result of the data breach, a major contributing factor to the company filing for bankruptcy. 

Need Help Addressing HIPAA Compliance?

Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.

To address HIPAA cybersecurity requirements, Compliancy Group works with IT and MSP security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.

Find out more about how Compliancy Group helps you simplify compliance and cybersecurity today!

Third Party Verification and Validation

Need Help with HIPAA?

Let our complete HIPAA solution handle it.