Data breach costs drop – but not in health care
A recent study on data breaches says firms are getting better at handling security incidents. Unfortunately, healthcare organizations seem to be behind the curve.
On average, the damages done by data breaches declined last year, according to a recent report from Symantec and the Ponemon Institute. Data breaches cost companies an average of $5.5 million in 2011, down from $7.2 the previous year. The cost per breached record dropped from $214 to $194.
Those figures are based on a study of 49 data breaches suffered in 2011 and take into account the cost of the stolen data, as well as investigation costs, lost business opportunities, and other direct and indirect costs. According to researchers, the decline in financial damages was the result of organizations being better prepared to mitigate and respond to breaches.
Unfortunately, healthcare organizations in the study didn’t see the same good news as other industries. In fact, the average cost of a healthcare data breach increased by 10% last year, according to the study.
This report comes after another recent study found that the number of health data breaches is also increasing — in fact, the number of breaches nearly doubled from 2010 to 2011.
What can healthcare organizations do to lower the costs of data breaches? Securing mobile devices is one good step, as lost or stolen devices are one factor reports have blamed for the increasing prevalence and severity of health data breaches.
The Ponemon study also recommends organizations clearly designate one person to be in charge of IT security. Organizations studied that employed someone as a chief information security officer (CISO), or a position with a similar title, spent 35% less to recover from a data breach compared to those that did not.
Another way to limit the damage caused by a health data breach is to be prepared to respond if an incident occurs. For more information, read our earlier post on responding to a health data breach.
- Who’s liable after patient data is breached?
- Experts predict more lawsuits, data breaches against healthcare providers in 2012
- Nearly 80% of payers aren’t ready for ICD-10
Below are a few free resources you may find useful.