SOURCE: LockPath, Inc.


June 03, 2015 00:00 ET

Do You Know How Much a Data Breach Would Cost Your Organization?

OVERLAND PARK, KS--(Marketwired - June 03, 2015) - According to a study conducted by the Ponemon Institute, the average cost of a data breach is $5.9 million. That is up $500,000 from 2013, ending a two-year downward trend.

Reported cyberattacks on health care organizations have increased 40 percent since 2013. Theft of medical records is typically not recognized immediately, which gives criminals more time to use stolen data, making medical records more valuable to hackers than credit cards. In fact, according to Don Jackson, director of threat intelligence at PhishLabs, stolen health records usually go for 10 to 20 times the price of credit card numbers on the black market. Ponemon Institute's study also found that the average cost of a stolen record to an organization is $201 across all industries; for health care it's $316.

Paying fines and other costs is just one of several devastating impacts a data breach can have on an organization. More customers are terminating relationships with breached companies than in previous years. From 2013 to 2014, the average churn rate found in Ponemon's study increased by 15 percent. And don't forget the resolution agreements that must be made with the U.S. Department of Health & Human Services (HHS) following a breach. These agreements require the covered entity to engage in a corrective action plan, such as staff training, and report to the HHS, typically for 3 years. During this three-year period, the organization will continue to be monitored by HHS to ensure it is meeting the agreement's terms, and if it is found in non-compliance, the organization may be required to pay civil money penalties (CMPs).

Health care providers have some of the easiest networks to break into. What makes it so easy and how can it be prevented? Jeff Horne, vice president at cybersecurity firm Accuvant, said it is partly due to out-of-date systems. "…they are using very old legacy systems -- Windows systems that are 10 plus years old that have not seen a patch." Making cybersecurity a top priority is crucial for health care since the number of breaches is only expected to increase.

Other tips for avoiding a data breach include:

  1. Keep your house in order. Know what your security policies and risks are and keep your staff updated. This is especially important for upcoming OCR audits.
  2. Follow HIPAA safeguards including firewalls, data encryption, and authentication.
  3. Have remediation and mitigation plans. Build, test and perfect these plans. Using a business continuity solution can simplify this process and reduce the overall cost of a breach. Business continuity processes are simplified by automated risk management solutions, like LockPath's Keylight.
  4. Create stronger passwords. Believe it or not, the most commonly used passwords are "password" and "123456." Having an easy-to-crack password is like inviting hackers into your network.

About LockPath
LockPath is a market leader in corporate governance, risk management, regulatory compliance (GRC) and information security (InfoSec) software. The company's flexible, scalable and fully integrated suite of applications is used by organizations to automate business processes, reduce enterprise risk and demonstrate regulatory compliance to achieve audit-ready status. LockPath serves a client base of global organizations ranging from small and midsize companies to Fortune 10 enterprises in more than 15 industries. The company is headquartered in Overland Park, Kansas.
