Examining the Cost of Data Breaches on Healthcare Companies

A new whitepaper from Protenus reveals that data breaches not only harm an organization's public image but also cost exorbitant amounts of money. Titled "Cost of a Breach: A Business Case for Proactive Privacy Analytics," the whitepaper details seven major potential costs of a healthcare data breach.

Here are eight key things to know from Protenus’ whitepaper.

  • Breaches in the U.S. healthcare field cost $6.2 billion each year. The average cost of a single data breach across all industries is $4 million, according to a 2016 study from IBM and the Ponemon Institute. Approximately 90% of hospitals have reported a breach in the past two years.
  • When a healthcare organization experiences a breach, forensics costs average $610,000. After a breach, organizations often have to bring in forensic investigators, compliance personnel and auditors to determine which systems were compromised and what information was exposed.
  • Breach notification costs $560,000 on average. Overall notification costs can reach high totals; they include reporting the incident to the media, notifying HHS, and setting up a toll-free number and credit monitoring services for affected patients.
  • Costs affiliated with lawsuits average $880,000. Whether class-action or single-patient, breach-related lawsuit costs add up, and those in the healthcare industry tend to be even higher.
  • For each data breach, healthcare organizations average $3.7 million in lost revenue. Data breaches often result in a loss of patient trust, which can spiral into millions of dollars in lost revenue. A report from the Ponemon Institute estimates healthcare organizations average $3.7 million in lost revenue per data breach, but Accenture estimates the cost could be as high as $113 million.
  • Healthcare organizations average $500,000 in lost brand value after a breach. An organization's reputation can be damaged after a breach. Some estimates put the average lost brand value as high as $50 million, but Protenus notes that the actual lost value varies by institution.
  • The average HIPAA settlement fine is approximately $1.1 million. This average is only increasing as HHS enforces HIPAA regulations more aggressively.
  • Post-breach cleanup costs average $440,000. Though cleanup costs after a breach differ between organizations, purchasing new technologies and hiring new staff members can add up quickly.