Cost Analysis of Healthcare Sector Data Breaches
Health Sector Cybersecurity Coordination Center (HC3)
From the Executive Summary: "Data breaches can have a significant impact on both the healthcare organization attacked and the individual victims. Healthcare and Public Health Sector (HPH) sector entities face the cost of recovery, lawsuits and the public relations ramifications including loss of customers/patients. Individuals can suffer financial penalties of various sorts as well as the embarrassment of having personal information leaked. As a result, the Federal government has passed several pieces of legislation in order to help protect against and curb data breaches, including regulations and penalties for healthcare organizations that are non-compliant. Costs are either direct or indirect, and mitigation efforts can be viewed in terms of prevention (the preferred method) and post-breach cost reduction. HPH Sector entities are encouraged to factor the cost of breaches into their overall approach towards risk management for both legal and operational efficiency reasons. According to a Ponemon Institute study, the average cost of a breach for a healthcare organization is approximately $8 million, and trending upwards, while another study concluded that a total breach cost can exceed $400 per patient record exposed, elevating the importance of establishing strong risk management practices."
Department of Health and Human Services: http://www.hhs.gov/