The most effective efforts to limit the damage inflicted by a data breach start before an incident occurs. This is something that security pros in many industries, including healthcare, have observed. Their desire to proactively temper the effects of security incidents is reflected in the findings of the second annual survey on data breach preparedness, conducted by Ponemon Institute LLC and sponsored by Experian Data Breach Resolution. The survey report references previous Ponemon research, which indicated that businesses with established incident response plans could reduce the average cost of a data breach by $17 per stolen record.
The percentage of respondents with data breach response plans in place at their organizations rose from 61% in 2013 to 73% this year. That shift coincided with a 10% year-to-year increase in the number of respondents who reported experiencing a data breach. Healthcare was the second most represented industry in the survey, its 13% second only to the financial services market, which comprised 19% of the total responses.
The results of another Ponemon data breach survey, sponsored by Informatica Corporation, were released earlier this year. Of 142 respondents employed in the healthcare and pharmaceutical fields, more than half reported that losing customer data was their biggest worry. Though a mere 9% said they thought patient data was in danger, twice as many respondents indicated they had experienced between two and five security breaches in the past year.
Healthcare data breaches can prove costly on multiple levels. Failure to comply with HIPAA policies can result in fines, on top of what providers spend to test and patch the holes where their security perimeter failed. The HHS Office of Civil Rights (OCR) investigated a data breach involving New York-Presbyterian Hospital (NYP) and Columbia University that left electronic health data of 6,800 individuals exposed. The two organizations submitted their breach report in 2010 and were ordered to pay $4,800,000 to those affected as a result of the OCR’s investigation.