TRENDING:

The Security Scrutinizer with Howard Anderson

Breaches: Assessing the Economic Impact

Study Estimates the Cost of Incidents Howard Anderson (ismg_editor) • December 1, 2011    

What's the economic impact of information breaches? The Ponemon Institute, a research organization, makes an educated guess that the impact averages more than $2.2 million every two years for healthcare organizations.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

But how did the institute come up with that figure? Researchers extrapolated it from the results of a small survey. Ponemon conducted detailed interviews with executives at 72 healthcare organizations that opted into the institute's second annual benchmark study, sponsored by ID Experts. Ponemon used its proprietary database of 481 organizations to reach out to potential participants.

More than half of organizations surveyed say they have little or no confidence that their organization could detect all patient data loss or theft. 

In the interviews, executives were asked to describe the economic impact of data breach incidents experienced by their organization over the past two years, choosing from eight ranges. The most common answer, selected by 26 percent, was $200,001 to $500,000. Another 22 percent selected $1 million to $10 million. Using "an extrapolation method," researchers estimate that the average two-year cost per organization is $2.25 million.

Whether you buy into that figure or not, it's clear that the economic impact of breaches is substantial. And this survey, like many others, shows that not enough is being done to detect and prevent breach incidents. For example, more than half of organizations surveyed say they have little or no confidence that their organization could detect all patient data loss or theft.

Breach Survey Results

Here are other highlights from the study:

  • On average, organizations surveyed have had four data breach incidents in the past two years, up from three in last year's study.
  • The average number of lost or stolen records per breach is 2,575, up from 1,769 in the previous study.
  • The top three causes for a data breach are lost or stolen computing devices, third-party mistakes and unintentional employee action.
  • Insufficient budgets and inadequate risk assessments are cited as the two greatest breach prevention weaknesses.
  • Some 81 percent of those surveyed use mobile devices to collect, store or transmit patient information, but 49 percent say they're doing nothing to protect these devices.


About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Why Is Third-Party Risk Management So Complex?
Why Is Third-Party Risk Management So Complex?
Getting Ready for the NIST Privacy Framework
Getting Ready for the NIST Privacy Framework
Analysis: Using Twitter for Espionage
Analysis: Using Twitter for Espionage
CCPA Compliance: Identity Verification Challenges
CCPA Compliance: Identity Verification Challenges
Inside the Sophos 2020 Threat Report
Inside the Sophos 2020 Threat Report
A CISO Sizes Up Critical Technologies, Emerging Challenges
A CISO Sizes Up Critical Technologies, Emerging Challenges
Verizon: Companies Failing to Maintain PCI DSS Compliance
Verizon: Companies Failing to Maintain PCI DSS Compliance
Identity Fraud: Account Origination
Identity Fraud: Account Origination
Update: PCI SSC's Enhanced Contactless Payment Standard
Update: PCI SSC's Enhanced Contactless Payment Standard
Protecting Data in Sprawling Computing Environments
Protecting Data in Sprawling Computing Environments

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.