This is evident in the almost weekly reports of some healthcare entity losing patient data. The recent data breach at Community Health Systems affected 4.5 million patients. Wonder what the cost of that data breach is going to be? Some estimates put it in the range of $75M to $150M (Forbes).
You might think that your small or medium-sized healthcare practice doesn't have that many records, so why bother with data security? Well, here’s something to think about.
The recent Ponemon Institute Study estimates the average data breach cost per compromised record for all industries in the US to be around $200 (maybe even higher for healthcare). The findings were based on survey responses from 277 organizations that had experienced a data breach involving less than 100,000 compromised records. So even a small physician practice or a dental office with 5000 patients could easily spend upwards of a million dollars on data breach costs.
Despite overwhelming evidence of an increase in data breaches, many CEOs/CFOs complain about the financial expense incurred to protect patient data. They do not see the value of investing adequate time, money and resources in data security measures, as it doesn't add to the business bottom line. This attitude is precisely what makes healthcare entities such attractive targets for criminals.
I wonder what it is going to take for healthcare organizations to get serious about data security and proactively take steps to secure their patient data. How many data breaches is it going to take for healthcare administrators, CEOs, and CFOs to realize that there is a price to be paid for not securing patient data? Just like it shouldn't take the law to compel you to wear a seat belt when you drive (it protects you, duh!), it shouldn't take HIPAA and state regulations to force you to implement strong data security measures that protect your patients and your business.