How Much Would a Healthcare Data Breach Cost Your Practice

By: Daryl Smith on March 11th, 2019

Data Security  |  Medical  |  Dental

As a medical or dental practitioner, you are quite familiar with the benefits of preventive care. Brush and floss, eat healthy and exercise, schedule routine check ups and tests - these are all ways to prevent larger health issues down the road. The same thing applies to protecting your practice from a potential healthcare data breach. Preventing a data breach by protecting your patients' sensitive information requires an investment up front, but be assured that the cost for not doing so far exceeds the cost of the “preventive care”.

In this post we will define what a healthcare data breach is, the catastrophic cost associated with recovering from one, how to prevent a breach, and how to get started with your own “preventive care” plan for your practice.

If you are feeling overwhelmed by the vast amount of digital information technology required to run your practice, it may be time to consider outsourcing. Download our handy checklist “How To Choose a Managed IT Service Provider” to help guide you to a better solution.

What is a Data Breach?

A data breach is an incident in which confidential information is accessed without authorization. In this case, your patients’ files are the target. Your patient records contain sensitive information that is attractive to criminals. You collect full names, credit card numbers, Social Security numbers, medical histories, and other personally identifiable information and protected health information (PHI). The healthcare industry is particularly attractive to cyber thieves because all the aforementioned data is collected as part of patient records.

According to Symantec, electronic PHI was the most common form of data lost to data breaches in 2016, with personal consumer financial information close behind.

Why do Data Breaches Occur?

Cybercrime is extremely profitable. Hackers seek personal information to either steal money, compromise identity to steal money, or sell to other criminals on the dark web. The four ways targeted attacks are typically carried out are:

  • Exploiting system vulnerabilities: If you do not keep your software up to date on each of your computers and peripheral equipment, you could leave an entry point into your network. An attacker could use the opening to sneak malware onto a computer and steal data.

  • Weak passwords: Weak user passwords are easier for hackers to guess, especially if a password contains whole words or phrases. Experts advise that you use complex, unique passwords that do not contain personal information. They also recommend that you change your passwords often and don’t use the same password for multiple applications.

  • Drive-by downloads: You or a staff member could unintentionally download a virus or malware by simply visiting a compromised web page or opening a link in a spam email. A drive-by download will typically take advantage of a browser, application, or operating system that is out of date or has a security flaw.

  • Targeted malware attacks: Cyber attackers use spam and phishing email tactics to try to trick the user into revealing user credentials, downloading malware attachments, or directing users to vulnerable websites. Email is a common way for malware to end up on your computer. You and your staff should avoid opening any links or attachments in an email from an unfamiliar source. Remember that attackers can make an email look like it comes from a trusted source. Clicking on a link or attachment in an infected email could infect your computer with malware.

A large portion (48%) of data breaches are not caused by cyber criminals. They are caused by system glitches and human error.

The Financial Damage a Data Breach Can Cause

According to a 2017 study sponsored by IBM Security and conducted by Ponemon Institute, data breaches cost U.S. companies an average of $225 per compromised record. That number increases to $380 per record in the healthcare industry. The breakdown of recovery costs is as follows:

  • Heavy HIPAA fines (often in the millions)

  • Paying for reporting information about the breach to the media

  • Costs of forensic investigation

  • Fees for credit monitoring for all affected patients

  • Costs of potential class action lawsuits

If your practice suffered a data breach, you would also have to notify the U.S. Department of Health & Human Services. Perhaps the most devastating cost to your practice would be lost revenue as a result of damage to your brand. When patients do not trust you, they find care elsewhere.

How to Protect Your Practice from a Data Breach

Practices large enough to have a chief technology officer or a team of dental/medical IT experts on hand are best equipped to prevent, detect, and fight against an attack. If your practice is smaller, as many practices are, you may want to consult a managed services IT provider to advise you how best to avoid a data breach and protect your patients.

To fully protect patient data, practices should consider data loss prevention (DLP) measures such as employee training and server and workstation monitoring. Employee training on security policies and procedures has been shown to decrease data breach costs by more than $9 per compromised record. The Health Insurance Portability and Accountability Act (HIPAA) outlines specific recommendations for the handling of patient ePHI, such as offsite data backup, firewall security, virus protection, and data encryption. Practices can add an additional layer of protection by running security risk assessments once or (ideally) twice a year.

We Protect You, So You Can Protect Your Patients

It is becoming increasingly important for dental and medical practices to employ cybersecurity measures, but it can be difficult to take on these tasks if you are already struggling, as many practice owners are, to keep up. That is where an outsourced IT management company, like Integrity Systems, can help!

Data breaches can be very expensive for medical and dental practices. They can be devastating to your practice’s finances and to your reputation. As you would advise your patients, remember that a little “preventive maintenance” can go a long way in protecting patient data. Integrity Systems is here to help you protect your practice data. Download our free checklist for choosing a managed IT service provider:
