A new whitepaper from Protenus reveals that data breaches not only harm an organization's public image but also cost exorbitant amounts of money.
Titled "Cost of a Breach: A Business Case for Proactive Privacy Analytics," the whitepaper details seven potential costs of a healthcare data breach.
Here are nine things to know about Protenus' whitepaper.
1. Breaches in the U.S. healthcare field cost $6.2 billion each year. The average cost of a single data breach across all industries is $4 million, according to a 2016 study from IBM and Ponemon Institute.
2. Approximately 90 percent of hospitals have reported a breach in the past two years.
3. When a healthcare organization experiences a breach, forensics costs add up to $610,000. After a breach, organizations often have to bring in compliance personnel and auditors to detail what information was breached.
4. Breach notification costs $560,000 on average. Overall notification costs — including reporting information to the media, notifying HHS and setting up a toll-free number and credit monitoring services for affected patients — can reach high totals.
5. Costs affiliated with lawsuits average $880,000. Whether class-action or single-patient, breach-related lawsuit costs can add up, with those in the healthcare industry being even more costly.
6. For each data breach, healthcare organizations average $3.7 million in lost revenue. Data breaches often result in a loss of patient trust, which can spiral into millions of dollars in lost potential revenue. A report from the Ponemon Institute estimates healthcare organizations average $3.7 million in lost revenue per data breach, but a report from Accenture estimates the cost could be as high as $113 million.
7. Healthcare organizations average $500,000 in lost brand value after a breach. An organization's reputation can be damaged after a breach. Some estimates reach $50 million as an average amount in lost brand value, but Protenus claims the actual lost value varies from institution to institution.
8. The average HIPAA settlement fine is approximately $1.1 million. This average is only increasing as HHS becomes more aggressive in enforcing HIPAA regulations.
9. Post-breach cleanup costs average $440,000. Though cleanup costs after a breach differ between organizations, even purchasing new technologies and hiring new staff members can add up.