Everyone has seen the scary news stories. A clinician’s laptop containing protected health information is lost or stolen. A disgruntled employee hacks into the hospital’s network and exposes personal data. Or a virus attack results in a widespread breach of patient privacy. Not only are these incidents embarrassing and harmful to a hospital’s reputation, they also result in costly fines and potential privacy-related legal claims.
According to a study from the Ponemon Institute on behalf of IBM Security, data breaches are costlier to resolve in the United States than in other nations, and the cost of a data breach varies considerably among industries. Health care has the highest data breach resolution costs — an average of $408 per record. This is considerably higher than the No. 2 spot on Ponemon’s study, financial services data breaches, with an average cost of $206 per record.
While most hospital leaders acknowledge the financial impact and the legal and regulatory repercussions that can result from a cybersecurity breach, there are other costs, including those associated with damage to the hospital’s reputation, operational expenses and impacts on quality and patient safety:
• Reputation. Once a breach occurs, and the news spreads, a hospital’s reputation can be significantly damaged, with repercussions including a decrease in the number of patients, loss of staff members or severed ties with community partners.
• Operations. Operational costs vary depending on the type of breach, but if the incident involved an employee, hospitals should be prepared for extra costs such as those associated with hiring and training new employees.
• Quality and patient safety. Patients trust their health care providers with their most important personal information, and they expect that information to remain confidential. When patient records are compromised, delayed or inaccurate diagnoses can occur or the hospital could process fraudulent medical claims.
The Texas Hospital Insurance Exchange offers cyber liability insurance designed for the unique privacy-related exposures that hospitals face on a daily basis. These policies cover the regulatory defense of claims and lost profits due to negative publicity, so hospitals can focus on what matters most: providing high-quality care.