Posted 10.22.13
by wpadmin

2013 Healthcare Data Breaches Cost 71% More Than The Average Data Breach

The Ponemon Institute and Symantec released a report earlier this year, 2013 Cost of Data Breach Study: Global Analysis, which revealed that the most heavily regulated industries correlated with the highest costs of a data breach. The healthcare industry, for example, had a per capita cost that was 71 percent higher than the overall mean cost. Pharmaceuticals, also within the healthcare industry, came in third for highest data breach costs at 52 percent higher than the average.

Data Breach Costs By Industry; Source: Ponemon Institute

The per capita cost was found by dividing the total cost of a data breach by the size of the data breach, determined by the number of lost or stolen records. Part of the reason for the healthcare industry’s high cost of a data breach is the federally mandated healthcare data laws, HIPAA and HITECH, which require notification not only of affected individuals, but also of the media and the Dept. of Health & Human Services.

Investigations of breaches involving protected health information can be extensive, and remediation (conducting risk assessments, implementing technical and physical security safeguards, installing new hardware and software, etc.) can be personnel- and capital-intensive.

The financial industry is second to healthcare when it comes to high data breach costs, coming in at 58 percent higher costs than the average. The nature of the data handled by the financial industry is highly sensitive – particularly for anyone handling credit cardholder data. PCI DSS regulates data security and requires merchants and vendors to be regularly audited by a QSA (Qualified Security Assessor) to ensure data is protected along its entire lifecycle – from collection to processing to storage.

The challenge of ensuring data is protected while in transit and at rest can be solved with built-in encryption, VPNs (Virtual Private Networks), SSL certificates and two-factor authentication for VPN access. Within the healthcare industry, the breach notification law doesn’t require notification as long as the data is encrypted.

Learn more about encryption of data at rest and in transit on our Defense in Depth page.

The increased cyber threats of hackers and data theft present a strong case for employing encryption and infrastructure that both secures data and delivers strong computing performance for optimal data availability and reliability. In this white paper, different types of encryption will be discussed, including using encryption in the cloud.

Encrypted Cloud Data

Although encryption is not a silver bullet for data or system security, it is one key tool that can be accompanied by a full arsenal of security services for a layered-defense approach to ensuring data is protected, even if accessed by unauthorized individuals. Additional security options to add to your IT solution will be covered.

Download our latest white paper, Encryption of Cloud Data.

References:
2013 Cost of a Data Breach Study: Global Analysis (PDF)
