THE COST OF A DATA BREACH FOR HEALTHCARE ORGANIZATIONS

Transcription

1 DATA SECURITY: THE COST OF A DATA BREACH FOR HEALTHCARE ORGANIZATIONS THE URGENCY OF IMPROVED SECURITY THE STORY OF A DATA BREACH S IMPACT SECURITY SUPPORT AND SERVICES SHARE THIS

2 THE URGENCY OF IMPROVED SECURITY Consider this: PHI (protected health information) for half the population of the United States has been impacted by breaches since And while that s already an astounding number, from all appearances breaches aren t likely to slow down anytime soon. Whether it s a stack of stolen paper files from an ambulatory clinic or an exposure of millions of electronic patient records at a major hospital system, every data breach comes at a cost to patients, to healthcare providers and to quality care overall. DIFFERENT WAYS TO BREACH DATA. SAME DETRIMENTAL RESULT. Device theft Device tampering Error/lost devices Misdelivery of information Disablement of internal controls Malware Weak server/network password Misplaced backup disks Illegally copied paper files Insider access/breach Phishing Network hacking 1 healthcare-informatics.com, Shedding Some Light on the Problem of Medical Data Loss, December 2015 THE HIGH COST OF HEALTHCARE HACKS $50 An individual healthcare record brings up to $50 on the black market, 10 times as much as a stolen credit card number. 2 $6B Hacks cost the healthcare industry about $6 billion a year. 2 2 politico.com, Billions to Install, Now Billions to Protect, June 2015

3 THE STORY OF A DATA BREACH S IMPACT IMPACT ON HEALTHCARE ORGANIZATIONS Financial nightmare. From legal costs to credit protection fees, cyber insurance premiums to lost revenue from bad press and fleeing patients, and even compliance violation fines the financial cost of a data breach can be staggering. Reporting the breach, alerting patients and documenting the occurrence also come at a high cost. When all costs are added together, they can range from thousands to millions for individual entities, and billions for the industry as a whole. Ruined reputation. Any breach over 500 individuals means a healthcare organization must alert the media. 3 The result is often hard-to-overcome damage to the healthcare entity s image and reputation, leaving a long, hard road to change public opinion from a PR perspective and earn back public trust. Loss of patient trust. Loss of patient trust has the greatest impact even more than public trust. In an era where hospitals must compete to attract patients in the first place, a data breach causes far-reaching ripples in the patient landscape. Compliance violations. Both HIPAA and HITECH address PHI security standards. Penalties and fines for violating HIPAA and HITECH security standards and notification regulations, should a breach occur, could range from $100 to millions of dollars. $20 Each hacked record could cost a hospital around $20 in legal costs and credit protection. 2 3 fticonsulting.com, Five Questions to Ask Before Your Next Healthcare Data Breach, 2015

4 The 2014 per-capita cost of a data breach was far higher for healthcare than for any other sector of the economy: 3 $359 Healthcare organizations $206 Financial services companies $155 Consumer products organizations IMPACT ON PATIENTS AND CARE Financial woes. Unlike fraudulent credit card charges, fraudulent healthcare charges using a patient s stolen information typically fall to the patient to resolve, whether those are actual healthcare fees or fees for remediation of the theft itself. Patients could be on the hook for thousands of dollars. Identity struggles. With all advances come drawbacks. In the case of EHRs, once data is entered, it can t be removed. That means once someone has stolen a patient s identity and used it to gain treatment, the false information marries with the patient s real health history, leading to a permanent file corruption and potential adverse health risks when seeking future care. Loss of trust in providers. It s the old adage, Fool me once, shame on you; fool me twice, shame on me. Once there s been a records breach, patients naturally lose trust in their provider. Some may leave to find a new doctor or health system altogether, and may tell friends and family to do the same. It s a tough spot to be in having a doctor you love within a healthcare organization you can no longer count on to keep you safe. Keeping secrets. Recent studies have found that people are withholding information sometimes critical information from healthcare providers because they re concerned there could be a confidentiality breach of their records. This is not only a potential issue for the treatment of a specific patient, there are also potential public health implications. An unwillingness to fully disclose information could delay the diagnosis of a communicable disease. 1

5 SECURITY SUPPORT AND SERVICES CDW HEALTHCARE S SECURITY SUPPORT Multifaceted security threats demand a multilayered security approach. CDW Healthcare can help you determine the right mix of data and network protection solutions to create a platform to better guard against breaches and hacks. This includes technologies that span: Authentication Data loss prevention Mobile security Encryption Threat prevention SECURITY Q&A WITH JEREMY WEISS, CDW Healthcare Security Solution Architect Team Lead Q: What s the No. 1 security concern you re hearing from healthcare organizations? A: It s twofold. First, it s user provisioning (the ability to get staff up and running quickly) and deprovisioning (if staff changes, the ability to get them off the system and audit it). Second, it s advanced persistent threats and phishing. With compliance becoming more strict, keeping users and data secure is top of mind for Q: When crafting a data security plan, what are the biggest steps most providers overlook? A: One is educating users. It s crucial that all users understand how they impact the organization from a security standpoint. Another is having a data security incidence response plan. Many organizations are missing this piece of the security puzzle. When a breach does happen, knowing what can potentially be lost and being able to audit and control against it is crucial.

6 CDW HEALTHCARE S SECURITY SERVICES CDW Healthcare can provide the services to help ensure your healthcare organization stays on top of security measures to better protect patients and their valuable data: Security assessment. This encompasses mobile security, endpoint security, risk assessment and compliance/threat prevention. We ll conduct a targeted security analysis and network review, then design, configure and install a tailored security solution to help ensure patient data and the portal itself are secure. DLP risk assessment. We help you determine how sensitive data is currently being used and who needs to have access to it, and then match data loss prevention enforcement to your security policy to ensure compliance. Advanced attacks are more coordinated than ever before. Now, your defenses are, too. Sophos Security Heartbeat is revolutionizing security by synchronizing next-generation network and next-generation endpoint security, giving you advanced protection.

7 Are you ready to take your security strategy to the next level and raise the bar on data protection? For more information about your technology options and support services, contact your CDW Healthcare account manager today at or visit our dedicated security page on CDW.com/communIT. SHARE THIS MKT CDW Corporation