TRENDING:

Breach Notification , Incident & Breach Response , Managed Detection & Response (MDR)

Planning for Financial Impact of Data Breaches

Attorney Laura Hammargren on Potential Costs and Ways to Minimize Them Marianne Kolbasuk McGee (HealthInfoSec) • April 8, 2019     10 Minutes   
Planning for Financial Impact of Data Breaches
Attorney Laura Hammargren of law firm Mayer Brown

Healthcare organizations need to plan ahead for the financial burden of data breaches stemming from cyberattacks and also take preventive steps to help minimize those expenses, says attorney Laura Hammargren of the law firm Mayer Brown.

"So many hospitals and healthcare providers do get hit [by cyberattacks] ... it is certainly something you may want to account for when you're planning your finances for the year," Hammargren says in an interview with Information Security Media Group. "What if there is a somewhat significant cost with an attack?"

Cyber insurance can help cover some of the costs, she notes. But, she adds, paying money upfront "to get your systems in pristine order," implement the latest security technologies and invest in training for employees can help save money in the long run, she says.

It's far easier to predict the cost of preventive measures compared to "a remedial measure after an attack has already happened," she stresses.

Besides the costs of responding to and mitigating the impact of a cyberattack - including forensic investigations, repairing and updating systems and software and handling breach notification - other costs can include fines from regulators, expenses associated with defending against class action lawsuits and even damage to the organization's reputation, she notes.

Plus, a recent report from Moody's Investor Service identified hospitals as one of the four business sectors - in addition to banks, securities firms and market infrastructure providers - that are most likely to suffer a weakened credit profile in the aftermath of a breach or cyberattack.

"I do think that people hadn't necessarily been thinking through that a credit service might start taking [a cyberattack] into account when assigning a credit rating," she says.

In the interview (see audio link below photo), Hammargren also discusses:

  • Being prepared to alter an incident response plan depending upon the type of breach that occurred;
  • Costs related to regulatory and legal issues;
  • Other financial fallout resulting from breaches and cyberattacks.

Hammargren is the co-leader of Mayer Brown's healthcare practice and a partner in its cybersecurity and data privacy practice. She is based in the firm's Chicago office.

Previous
Women in Cybersecurity: A Progress Report
Next
Another Scathing Equifax Post-Breach Report



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.