How much does a data breach really cost?

We really don’t want to scare organizations, but this is a real problem and we feel this must be disclosed. A data breach costs an organization on many different levels. The cost of notification, credit monitoring, remediation, then comes fines and penalties if you do not have reasonable and appropriate safeguards in place based on the size of your organization.

Earlier this year we had estimated the cost per patient record to be $380, according to the Ponemon Institute, they are estimating this cost has risen to $429 per patient record. If you can’t determine which records were breached, then you must notify all of your patients. This is where the massive costs are generated. Of course, the sooner you discover the breach the less it will cost you. This is why audit log monitoring is so important. If you are monitoring who and what is going on in your network, you can prevent a breach or at least stop a breach before it becomes a major breach (over 500 records).

Audit log monitoring is very time consuming and nearly impossible to do on your own. We recommend monitoring your logs from different sources, starting with your EHR. This is where most of your patient data resides and this needs to be protected. Aris works with a company in California that offers EHR audit log monitoring. They have developed a system that will send out email alerts when suspicious activity occurs.

We also recommend monitoring your logs from your firewall or domain controller. This is even more complex and again we recommend utilizing a third party. Aris has partnered with a nationally recognized network security company that can assist in this area as well. We understand that cost is very important to our clients and that is why we have selected these particular companies. They are reasonably priced and offer outstanding service. Let us know if you would like more information from either of these companies.

Keep safe out there on the World Wide Web aka the Wild Wild West!

If you would like more information, contact us at 877.659.2467 or complete the contact us form.

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

What does being HIPAA Compliant actually mean anyway?

July 15, 2019

Ransomware is a REAL threat…

October 20, 2019
©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC