Healthcare data breaches cost the industry $6.2 billion a year, while the average cost of a single data breach across all industries is $4 million, according to Protenus. Additionally, nearly 90% of healthcare organizations have reported a data breach in the past two years.
Healthcare data breaches include, but are not limited to, phishing attacks, “snooping” by employees and compromised credentials.
Protenus also detailed seven potential costs of a healthcare data breach:
- Forensics – $610,000
- Notification – $560,000
- Lawsuits – $880,000
- Lost business/revenue – $3,700,000
- Brand value – $500,00
- HIPAA fines – $1,100,000
- Post-breach costs – $440,000
The $3.7 million price tag for lost business can be attributed to the fact that nearly a quarter of patients have said they would switch providers due to a data breach, according to a 2015 survey by software advertising firm Software Advice. Patients have also said they withhold information from physicians due to fear of a breach. Beyond the loss of revenue, data breaches can also cause patients to lose trust in a hospital or healthcare organization.
The high cost of healthcare data breaches emphasizes the importance of being proactive in securing patient data and identifying potential external and internal threats. If an organization is breached, it is imperative to notify affected patients as soon as possible. Transparency after a breach can help reduce lawsuits and damage to the organization’s brand.