On a regular basis in this blog, we counsel leaders of small to mid-size businesses (SMBs) to think like their counterparts in big corporations. For example, large companies budget for cyber security and recovery costs. So, SMBs would be wise to do the same.
This advice goes double for any SMB operating in the healthcare sector.
Why? Because your industry is ranked as the one most at risk per both the Ponemon Institute and Trend Micro, suffering hundreds of data breaches. Some security consultants estimate that one in every 10 U.S. healthcare firms suffered at least one data breach during the past two years.
And the threat isn’t limited to sprawling organizations. Ninety percent of the worst breaches last year were suffered by providers, which tend to be smaller companies with fewer files. The Office for Civil Rights (OCR) of the Department of Health and Human Services, the agency that investigates HIPAA infractions, now reviews incidents with fewer than 5,000 affected records.
The scope of this mounting cybersecurity threat – the full range of small to large operations – is making data breaches in healthcare the most expensive of any industry in the U.S. The costs come from a potentially debilitating chain of events including downtime, notifying and protecting customers, investigation, and possible regulatory fines. For example, in January 2017 OCR announced a $475,000 settlement involving just 836 affected individuals and a $2.2 million settlement over 2,209 records. Damaged reputation and lost customers are harder to quantify, but surely last longer and drain unseen dollars, too.
How do you mitigate these costs? Here’s a recommended regimen for healthcare SMBs:
You don’t have to go it alone. Hiring an IT Managed Services Provider (MSP) can reduce the likelihood you’ll suffer an attack. Their experts stay current with best practices and constantly evolving threats — and guide your security and recovery plan. Dollars spent here reduce the dollars you must spend if a breach occurs, in hard costs, lost time and damaged reputation.