Why Healthcare & Personal Information Data Breaches Are So Dangerous & Costly
The American Medical Collection Agency, a provider of bill collection services for healthcare companies, experienced a massive data breach impacting nearly 20 million patients at LabCorp and Quest Diagnostics in 2018. Patient demographic and financial data, including social security numbers, were stolen by criminals that broke into its web payment system.
There are two notable features of this data breach: The data breach impacted personal rather than financial data and the breach occurred with a contractor — or a contractor of a contractor in the case of Quest Diagnostics — rather than at the company that collected the data. These two elements make this data breach a lot more dangerous than many others.
Let's take a look at why healthcare and personal information data breaches are so dangerous and costly, as well as steps you can take to prevent them.
Many data breaches occur due to security vulnerabilities in contractor security systems — not your own.
Healthcare & Personal Information
Healthcare and personal information data may not seem as valuable as financial data, but it can be extremely valuable in the hands of experienced criminals. Credit card thieves may charge a few hundred dollars on a stolen card before it's flagged, but sophisticated healthcare attacks can net criminals tens of thousands of dollars and go unnoticed for years.
Download our Checklist of Best Practices for Managing Personal Information to ensure your customer data is safe.
Using stolen social security numbers and health records, fraudsters can make false insurance and/or Medicare claims to collect thousands of dollars. These claims may go unnoticed since individuals are not typically involved in the claims process, but eventually, they will suffer the consequences when they try to make legitimate claims.
Personal information can also be used to:
- Open credit cards or take out loans
- Intercept tax refunds
- Steal airline miles
- Open utility accounts
These crimes can be committed without any credit card number or bank account access. The only requirement is personal information, such as a social security number, phone number, address or answers to basic security questions. With many financial transactions moving online, it’s becoming easier than ever to perpetrate these crimes.
How Do Data Breaches Impact Brands?
The average data breach costs about $3.86 million, according to a 2018 study by IBM and the Ponemon Institute, or about $150 per stolen record. That's enough to bankrupt many small businesses that are unprepared for such an attack. Healthcare organizations fare even worse with the average data breach costing upwards of $400 per stolen record.
Don't forget to download our checklist of best practices for managing personal information to ensure your customer data is safe.
A separate study found that data breaches have the third biggest impact on a company's reputation after poor customer service and environmental incidents. Nearly one-third of people that experienced a data breach terminate their relationship with the offending company while companies that experience a breach have a seven percent increase in customer churn.
Data breaches also have a significant impact on the value of a business. For instance, Yahoo!'s data breach reduced its value by $350 million and Chipotle's data breach resulted in a $400 million loss in shareholder value in a single day. Public companies are especially vulnerable to these impacts given that they're valued by investors every day.
How You Can Prevent Data Breaches
Security-focused companies can avoid data breaches and other cybersecurity incidents, as well as contain losses when they do occur. According to one study, security-focused companies have a relatively low churn rate of less than two percent compared to insecure companies that have churn rates that are nearly double following a data breach.
There are several ways to prevent and address data breaches:
Appoint a head of cybersecurity: Appoint someone to head up your cybersecurity efforts and ensure that you have the proper security measures in place, including cybersecurity software, data handling protocols, ongoing training programs and incident response plans in the event of a data breach.
Evaluate your contractors’ security: Only provide the necessary information to contractors in a secure format and ensure that they have strong security in place. Always remember that your data security is only as strong as that of the weakest contractor that holds your data.
Use up-to-date protection: Ensure that all software is kept up-to-date to eliminate known vulnerabilities, including operating systems, mobile devices and networking equipment. In addition, you should ensure that your cybersecurity software is kept up to date with the latest virus and malware definitions.
Backup & encrypt your data: Backup and encrypt all sensitive data to prevent any issues when physical devices or hardware is stolen. That way, if something is stolen, encryption can prevent a true data breach from occurring and backups can easily restore access to the information your business needs.
Jungle Disk provides a full suite of cybersecurity solutions designed for small businesses with less than 250 employees. In addition to active network protection, we provide businesses with secure cloud backups, password management tools and many other technologies designed to prevent and manage data breaches. Sign up to get started today!
The Bottom Line
Healthcare and personal information data breaches may seem relatively benign compared to stolen financial data, but in reality, they can be much more costly and dangerous. In the hands of criminals, this data can be used to make false insurance claims, take out loans and much more. Data breaches can also have a tremendous negative impact on your reputation.
You should take up a proactive security posture to prevent and manage data breaches when they occur. By doing so, you can reduce customer churn and limit the negative impact on your business. It’s equally important to ensure that all contractors that you work with have the proper security measures in place to handle your sensitive data.
Jungle Disk provides a comprehensive cybersecurity suite that’s designed for small businesses. For a reasonable monthly price per employee, you can have access to an always up-to-date, cloud-based security solution that minimizes cybersecurity risks from malware, viruses, DDoS and other threats experienced by businesses every day.
Sign up for Jungle Disk to protect your data today.