Costs of Security Breaches continue to look up
Here's a revelation. Stuff on a middle manager's laptop more important than stuff on a CEO's laptop.
Here's news of yet another health care company that made it to the headlines with a stolen laptop. According to a local Florida paper reported on February 15, 2010, two laptops were stolen from AvMed Health Plans' corporate office in Gainesville, FL that contained personal information a" including PHI a" of over 200,000 people.
According to studies, the security breach incidents are costing companies, including health care providers and plans, more money as well as customers.
As per a statement by AvMed, which began informing affected patients in early February of the breach, which took place late December, the data was not protected in the AvMed case.
Last winter, Connecticut AG Robert Blumenthal went after both Anthem Blue Cross Blue Shield and Health Net (United) for similar lapses, becoming the first state AG to sue a health care provider under HIPAA's new security provisions.
Last year, a study conducted by the Ponemon Institute found that the loss of data on notebooks lost or stolen in airports, taxis and hotels around the world cost their corporate owners an average of over $49,000. Fourteen percent of the companies surveyed turned out to be health care companies.
Notebooks are a particular problem as they allow employees to transport PHI more easily. As per the Ponemon study, the data on a manager's laptop is more valuable (at an average of about $61,000) than that of a CEO (only about $28,000).
And echoing Blumenthal's complaint about Anthem failing to promptly notify its customers of the breach, the study shows that moving fast to detect the breach pays off: The average cost if the notebook is found out missing the same day is about $9,000 but after more than a week, the cost can shoot up to well over $115,000.
According to another recent study, insider breaches are down and training and encryption rates are up, organizations are spending more on legal defense costs of Security Breaches.. In this direction, health care organizations stand to lose the most: They were among the biggest losers of business, as 6% (as compared to an average of 3.7% across all industries) of affected customers took their business elsewhere.
Costs of data breaches varied from a high of $31 million to a low of $750,000. According to Dr Larry Poneman, chairman and founder of The Poneman Institute, "In the five years we've conducted this study, we have continued to see an increase in the cost to businesses for suffering a data breach," adding, "With a variety of threat vectors to contend with, companies must implement proactively policies and technologies that lessen the risk of facing a costly breach."