Hacked! The cost of a cyber breach (Part 2) – Healthcare Industry
Hack in the healthcare industry
Company Profile: A Nonprofit Hospital, $100 million in annual revenue
An employed physician of the hospital accidently left his hospital-issued laptop on a train. The laptop contained an unencrypted database of current patient records that included protected health information with the name, Social Security number, credit card, insurance ID and limited medical information of 550 patients. The data stored on that laptop was completely unsecured as it did not contain remote take-down capabilities nor was it password protected.
According to the NetDiligence® Data Breach Cost Calculator the estimated costs of the 550 lost records for the Nonprofit Hospital could be:
| Incident Investigation Costs: | $180,000 |
| Customer Notification and Crisis Management Costs: | $34,000 |
| Fines & Penalties: | $167,000 |
| Total Costs: | $381,000 |
According to the Ponemon 2015 Cost of Data Breach Study, an average event of this type impacts 28,000 records driving the average cost to a business to $3,149,000.
| Detection Costs: | $610,000 |
| Notification Costs: | $560.000 |
| Regulatory Costs: | $1,979,000 |
Risk Management Tips:
- Implement procedures for using effective passwords and mandate periodic changes.
- Consider implementing security measures including encrypting protected health information (PHI) that may be stored on the laptops and having remote disabling capabilities.
- Consider storing PHI on a central server and accessing the information via a secure connection.
Read part 1 of Hacked! The cost of a cyber breach – Retail Industry
by Rosalie L. Donlon, Property Casualty 360