Healthcare SMBs Should Budget for Data Breaches

  • March 2, 2017

On a regular basis in this blog, we counsel leaders of small to mid-size businesses (SMBs) to think like their counterparts in big corporations. For example, large companies budget for cyber security and recovery costs. So, SMBs would be wise to do the same.

This advice goes double for any SMB operating in the healthcare sector.

Why? Because your industry is ranked as the one most at risk per both the Ponemon Institute and Trend Micro, suffering hundreds of data breaches. Some security consultants estimate that one in every 10 U.S. healthcare firms suffered at least one data breach during the past two years.

And the threat isn’t limited to sprawling organizations. Ninety percent of the worst breaches last year were suffered by providers, which tend to be smaller companies with fewer files. The Office for Civil Rights (OCR) of the Department of Health and Human Services, the agency that investigates HIPAA infractions, now reviews incidents with fewer than 5,000 affected records.

The scope of this mounting cybersecurity threat – the full range of small to large operations – is making data breaches in healthcare the most expensive of any industry in the U.S. The costs come from a potentially debilitating chain of events including downtime, notifying and protecting customers, investigation, and possible regulatory fines. For example, in January 2017 OCR announced a $475,000 settlement in a case involving just 836 affected individuals and a $2.2 million settlement over 2,209 records. Damaged reputation and lost customers are harder to quantify, but surely last longer and drain unseen dollars, too.

How do you mitigate these costs? Here’s a recommended regimen for healthcare SMBs:

  • Train all your staff. Across all areas of your organization, human errors can drain as much as 4% of revenue. Most breaches result from one person’s mistake, unwitting or careless. But people are your biggest line of defense, too. A recent study featured in HealthData Management suggests your organization can decrease security risk by as much as 70% by increasing awareness of the pivotal role employees play.
  • Identify and fix your biggest operational risks. Then you can plan what you spend and when. Currently, healthcare organizations spend just 3%-10% of their IT budgets on security, while finance, banking and federal agencies spend twice that much.
  • Develop and test your breach recovery plan. A good plan includes containment, corrections and prompt notification. Evaluate identity protection services so you can enroll your patients quickly.
  • Consider cyber insurance. Healthcare SMBs are prime targets, so the benefits may outweigh the cost.

You don’t have to go it alone. Hiring an IT Managed Services Provider (MSP) can reduce the likelihood you’ll suffer an attack. Their experts stay current with best practices and constantly evolving threats — and guide your security and recovery plan. Dollars spent here reduce the dollars you must spend if a breach occurs, in hard costs, lost time and damaged reputation.
