Hacked! The cost of a cyber breach (Part 2) – Healthcare Industry

Hack in the healthcare industry

Company Profile:  A Nonprofit Hospital, $100 million in annual revenue

An employed physician of the hospital accidently left his hospital-issued laptop on a train.  The laptop contained an unencrypted database of current patient records that included protected health information with the name, Social Security number, credit card, insurance ID and limited medical information of 550 patients. The data stored on that laptop was completely unsecured as it did not contain remote take-down capabilities nor was it password protected.

According to the NetDiligence® Data Breach Cost Calculator the estimated costs of the 550 lost records for the Nonprofit Hospital could be:

Incident Investigation Costs: $180,000
Customer Notification and Crisis Management Costs: $34,000
Fines & Penalties: $167,000
Total Costs: $381,000

According to the Ponemon 2015 Cost of Data Breach Study, an average event of this type impacts 28,000 records driving the average cost to a business to $3,149,000.

Detection Costs: $610,000
Notification Costs: $560.000
Regulatory Costs: $1,979,000

Risk Management Tips:

  • Implement procedures for using effective passwords and mandate periodic changes.
  • Consider implementing security measures including encrypting protected health information (PHI) that may be stored on the laptops and having remote disabling capabilities.
  • Consider storing PHI on a central server and accessing the information via a secure connection.

Read part 1 of Hacked! The cost of a cyber breach – Retail Industry


by Rosalie L. Donlon, Property Casualty 360

Leave a comment

Leave a Reply