What?

Did you know healthcare companies incur the costliest data breaches relative to all other industries? 

According to IBM’s 2019 Cost of a Data Breach Report, the average total cost of a data breach in the U.S. healthcare industry is $15.0 million – compared to $8.2 million across all industries. 

Collecting and analyzing patient data is integral to ensuring proper and efficient treatment. However, with the acceleration of data technology and digital recordkeeping, healthcare companies are more susceptible to hacking and data breaches than ever. This poses huge reputational and financial risks to not only healthcare institutions – but also their patients.

It’s critical to be proactive about data protection, both to comply with regulations like the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR) and the upcoming California Consumer Privacy Act (CCPA), and to retain the trust of your customers.

Why?

As the above stat demonstrates, data breaches are expensive. There are several cost factors at play, such as notification costs, crisis team management costs, and business interruption costs – not to mention regulatory fines. HIPAA violations can range anywhere from $100 to $50,000 per violation; noncompliance with the GDPR can result in a fine of up to 4% of a company’s top-line revenue.

For example, in 2018, Anthem, Inc. was fined $16 million for violating HIPAA after failing to take “substantial corrective action” following the largest healthcare data breach in U.S. history, which exposed the Protected Health Information (PHI) of approximately 79 million people.

Further, in countries like the United States, companies are exposed to increased risk as data protection legislation enables consumers to file lawsuits as well.  

Depending on their severity and frequency, breaches can be financially crippling. 

Data breaches are also expensive from a reputation standpoint. PHI is sensitive – and an inherent trust that PHI will be protected exists between healthcare institutions and their patients. Therefore, any sort of data breach violates this trust, which can soil an institution’s image and deter current and future customers. 

If your company wants to prevent hefty financial costs and reputational damage, it would be prudent to focus on data security. 

How?

Per IBM’s report, there are three primary causes of data breaches: (1) malicious or criminal attacks (51%), (2) system glitches (25%), and (3) human error (24%).

According to IBM’s analysis: “Since 2014, the share of breaches caused by malicious attacks surged by 21 percent, growing from 42 percent of breaches in 2014 to 51 percent of breaches in 2019. It took substantially longer to identify and contain a breach in the case of a malicious attack: a combined 314 days.”

Malicious attacks on valuable, sensitive data are growing – and they result in long periods of susceptibility and business interruption. From malware to criminal insiders to phishing and social engineering – there are various ways to target and attack company databases.  

However, there are several precautions your company can take to proactively defend against malicious attacks and reduce internal errors. In this section, we’re going to overview several data security best practices. 

Understanding your data

Flow and location. It’s imperative to understand how your data flows and where it resides – both internally and externally. Do you work with contractors or other third parties? What kind of access to your data do they have? (Shameless Plug: Check out our CompliChain technology.)

Whether it’s electronic health records or associated platforms, companies must understand each touchpoint along the data path. This exposes possible vulnerabilities and allows you to bolster security. 

Plus, maintaining records of sensitive data can better prepare your company for audits in which you must present proof of compliance. 

Encryption

Company-wide encryption can mitigate potential data risks. As your company grows, so too does its arsenal of devices (work phones, computers, tablets, etc.) and the people that use them. Each device and each employee represents a potential target.

By encrypting your company’s devices, sensitive data can be made inaccessible and protected from theft.

Self-Regulation

State and federal regulations shouldn’t be the only policies your company abides by. To maximize data security, it’s important to have proper internal policies in place too. This aligns all levels of your organization – both vertically and horizontally – and helps prevent regulatory issues and costly penalties.

Comprehensive policies and procedures can thwart self-inflicted breaches and the heavy repercussions.

Self-Education

People aren’t perfect; they’re going to make mistakes. We’re “only human” – so the saying goes.

But sometimes mistakes are devastating.

In July 2019, Equifax agreed to pay $671 million in order to settle state and federal lawsuits regarding the company’s massive data breach in 2017, which impacted nearly 150 million people. Per an article in the New York Times, the monumental security breach may have been attributed to a single employee’s mishandling of system warnings. 

However, companies are ultimately responsible for their employees – and their employees’ actions. Human error can be minimized with company-wide training and education. By keeping employees informed and up-to-speed on internal and external policies and procedures, your company can reduce instances of human error. 

Is your company implementing the necessary countermeasures to prevent data breaches? Sepire’s security protocols, proprietary technology workflow and WBENC certification provide a true differentiator in the marketplace – and they provide you with a vendor that places your and your customers’ best interests as a top priority.


Contact us to learn how our proprietary technology workflow safeguards your customers’ data.