If you owned a prized horse, would you protect it with a $50 fence? $100? A thousand? How much would you invest in that horse?
Most likely, whatever you prize—a horse, a car, your family—is worth a lot more than a few hundred or thousand bucks. And more likely, a lot of what you value or treasure is priceless. For those things and people that we want to protect, how much is too much?
The same concept applies to protecting your data. How much are your patient records, employment information or business data (think bank accounts, for instance) worth protecting? (We can quantify the worth of a medical record.)
I’m sure if you’re like most healthcare offices (or any business worried about keeping data private) that data is worth something, but most of us never put a concrete number on it.
The problem with not knowing what our data is worth?
We end up not realizing whether we should really be protecting the horse with a ten dollar or ten thousand dollar fence.
Since we aren’t sure how expensive a data breach or ransomware attack might be for our businesses, we really aren’t sure how high or thick a wall to wrap around our business or patient data to keep it safe.
I want to spend a few minutes thinking about what your health data (or business data) is worth and figuring out what kind of fence makes sense to help keep valuable or sensitive data secure.
So… What is your data worth?
Let’s consider a recent court case involving patients of a small chain of practices that experienced a data breach of a few thousand records. The practice ended up shelling out nearly three hundred thousand dollars for the breach.
That is on top of HIPAA fines and other state penalties amounting to nearly another hundred thousand bucks. When all was said and done, the practice shelled out nearly a half million dollars in legal expenses (not including cyber forensic investigations, public relations contracts, disaster recovery, credit loss, breach notifications to patients, and a loss of community trust).
In all, the organization lost nearly three-quarters of a million bucks! The physician with the largest stake in the organization ended up selling his plane and opening a second mortgage on his house to cover all of the expenses related to the breach.
So once again, how much is your data worth?
If we take the four thousand records that the aforementioned practice lost in their incident, it seems like each record was worth just under two hundred bucks (experts expect costs to only rise through 2018 and 2019).
Even if you’re not in healthcare, your records are valuable.
In a recent 2018 report on the cost of a data breach, the average cost of a breach ended up amounting to $408 per record (all costs included). Across all industries, a record cost $233. And for those healthcare organizations that had experienced a data breach or cyber incident in the last year, two-thirds of their financial costs stemmed from losing patients after violating their trust in a breach.
A simple calculation to evaluate the worth of your health records?
Number of patient records x $408 (cost per record from a breach) = $ ________________ in risk.
For example, if your small practice has 3,700 patient records: 3,700 x $408 = $1.5 million in risk!
The bottom line: data is worth more than gold. Whether you’re thinking about protected health information (PHI), Social Security numbers, or even banking information, your data is likely worth more than what someone would get from robbing the local bank. Know the value of your data. Know your cybersecurity risk. Do the simple math to figure out how much you’re risking by not protecting that data.
What can you do to keep your data safe?
I don’t care who you go to for data security, whether that is your existing IT department or an outsourced third-party consultant: you need to assess your risks to make sure your practice is protecting its data and not falling into the pitfalls many offices end up in after a cyber event.
When we work with prospective clients evaluating where their cybersecurity and HIPAA vulnerabilities lie, we identify a multitude of ways to improve office habits and security best practices that help:
- Keep offices regulated by HIPAA compliant.
- Understand where weaknesses may leave you vulnerable to breaches, cyberattacks and other current threats.
- Make sure your business is not the lowest hanging fruit when it comes to security practices and network health (cyber criminals are looking for easy targets).
After doing the math, how much is your data worth? How much are you investing (time, money, effort) into keeping it safe? Are you only investing in a $10 fence?