How Much Can A Data Breach Cost a Practice?
You don’t need to work in healthcare to get nervous when you hear “data breach” and “healthcare” in the same sentence. While consumer data takes center stage in the news, what you put on social media may be of far less immediate importance than what your physician records on your medical chart. One of providers’ top concerns is the security surrounding their patient data. So, how much does a data breach cost? Let’s take a look at some recent data breaches in the healthcare sector:
UnityPoint Health
UnityPoint Health experienced a data breach between November 2017 and February 2018. The breach may have compromised medical record numbers, treatment information, surgical information, lab results, and other data for over 16,400 patients.
UnityPoint is currently in litigation over claims that it did not comply with the HIPAA Breach Notification Rule, which requires covered entities to report PHI data breaches affecting 500 or more individuals within 60 days of discovery (it’s worth noting that notification requirements can also differ from state to state).
The cost goes beyond the burdens of litigation and remediation; the cost to market reputation can be enormous.
Hollywood Presbyterian Medical Center
HPMC was forced to pay $17,000 after a ransomware attack in 2016 in which cyber criminals encrypted its EHR.
Even after organizations pay the ransom, recovery can take weeks or even months. The of business interruption
https://healthitsecurity.com/news/hipaa-covered-entities-get-pass-on-or-data-breach-notification-law
https://healthitsecurity.com/news/unitypoint-allegedly-mishandled-healthcare-data-breach
Center for Orthopaedic Specialists, 3 Locations
According to IBM and the Ponemon Institute, the average cost of a data breach is $3.62 million globally. The average cost for most companies is $141 per record lost or stolen. However, the costs for those in healthcare are significantly higher – pulling in at
How Much Can A HIPAA Violation Cost?
Virtua Medical Group - $417,816 Fine
According to a release from the New Jersey Division of Consumer Affairs, a server misconfigured by a private vendor made the medical records of more than 1,650 Virtua patients viewable online. Virtua agreed to the settlement – in addition to a tightening of security measures – after the Division concluded that Virtua Medical Group’s failure to comply with federal healthcare data security standards (HIPAA) led to the exposure of patient data.
VMG consisted of a network of physicians exclusively affiliated with more than 50 South Jersey medical and surgical practices. So, while the fine does not relate to a single practice, the costs are widespread – from VMG to the individual patients who found their data exposed online.
http://www.njconsumeraffairs.gov/News/Pages/04042018.aspx
https://healthitsecurity.com/news/healthcare-data-breach-costs-highest-for-7th-straight-year
https://healthitsecurity.com/news/how-much-do-healthcare-data-breaches-cost-organizations