The Cheat Sheet reports that data breaches cost $400 billion each year, and while we often read about retail data breaches, attacks on healthcare companies are actually the most costly. In fact, the typical healthcare data breach costs more than three times as much per stolen record as a retailer data breach.
Why Are Healthcare Data Breaches So Expensive?
When criminals steal your clients' data, they are often looking to commit identity theft or fraud. And healthcare data opens the door wide to these fraudsters. Criminals can use stolen health records to:
- Sign up for loans with someone else's name.
- Steal money from bank accounts.
- Impersonate someone in order to receive expensive medical treatments.
- Use payment information to make fraudulent purchases.
Given how much information is included in healthcare records (everything from SSNs to payment information), cyber criminals know to strike where the getting's good.
To make matters worse, healthcare organizations have many points of entry. To get access to healthcare records, a criminal may target lower-rung employees in a phishing campaign, hack contractors who handle the practice's billing, or find their way inside through any other "attack vector."
HIPAA Violations Add to Exorbitant Costs
HIPAA and HITECH are two laws that require businesses with healthcare data to take extra precautions to protect that information (see "Good News: Updated HIPAA Guidelines Take Some Pressure of IT Professionals" to learn more about these requirements).
HIPAA laws will also hold healthcare companies financially liable for a data breach by making them pay a fine. These fines can exceed $1 million and are usually not covered by your clients' small business insurance, so make sure you know and follow HIPAA guidelines. For further reading on hefty HIPAA fines, check out "$4.8 Million HIPAA Settlement Over Data Breach Is Largest to Date."
Beyond Healthcare: Industries with the Most Expensive Data Breaches
While healthcare is the most expensive industry when it comes to data breaches, the Ponemon Institute's 2014 Cost of a Data Breach Study also lists these industries in the top four:
- Education.
- Pharmaceutical.
- Financial services.
In each industry listed above, a data breach typically costs at least $200 per stolen record. That means that a breach involving just 100 lost records may cost around $20,000. If you work with healthcare clients, the odds are pretty good that they're going to have at least that many records on their laptops, tablets, computers, and network. You're looking at potential data breach costs in the five- or six-figure range.
What Your Clients Need to Know about the Cost of a Data Breach
Whether you work in healthcare or not, this research shows just how costly data breaches can be. Preventing data breaches and investing in more secure technology is as much about your clients' data security as it is about their financial security. By marketing your services to highlight the cost certainty you offer industries that are vulnerable to expensive data breaches, you can put your IT business in a strong position.
But what happens if a client suffers a data breach?
- With the high cost of breaches, these costs could "roll downhill" to your business.
- If a client is hacked, they could sue your IT business as they look to recover the cost of the data breach.
How do you protect your business? Errors and Omissions Insurance (aka Professional Liability Insurance) with third-party Cyber Liability coverage may cover lawsuits when clients sue you over a host of IT liabilities. While you sell your services as a way to offer your clients financial security, don't forget to address your own financial risk and invest in Professional Liability Insurance.