HIPAA Data Breach Cost: $100K Per Day.

According to an article at darkreading.com, 10% of surveyed healthcare organizations say data breaches cost $100,000 per incident each day.  Based on what I’ve seen and read over the past four years, I’m pretty sure that a good portion of such breaches is due to the lack of data encryption software like AlertBoot.

34% Experienced Breach in Past Two Years

One-hundred and seven IT administrators, managers, and executives were surveyed by GlobalSign.  Half of the respondents were with organizations that had 5,000 or more employees.  According to the survey:

  • 56% of IT admins spent anywhere between 25% to 100% of their time working on HIPAA compliance

  • 34% had a data breach in the past two years

  • 10% (of the 34%?) said that the breaches cost $100,000 per incident per day

  • 40% spend one-fourth of their time improving security, while 19% of responders spend 75% to 100% of their time doing the same

I Can Relate – Slow Encryption Deployment

I can relate to some of these stats.  Obviously, data security requires more than the installation of encryption software on laptops, desktops, external drives, and other devices that contain electronic Protected Health Information (ePHI).  However, I know from trading notes with people in the encryption industry that it’s not unusual to sign up for encryption software and have it “sit around on shelves” for a couple of months before anything can be done with it…if you’re lucky!

Even more terrible (psychologically, at least) is when you’re in the middle of a drawn out deployment process when a data breach strikes: a lost laptop computer, a stolen USB drive, etc. that you didn’t get to in time.  Those data breaches don’t just wait at your door because you happen to be in the middle of securing your data!

Faster Deployment of Encryption

It doesn’t have to be that way, though.  Just like certain cloud-based software services upended their industry (like salesforce.com and CRM), solutions like AlertBoot exist where the deployment of disk encryption is done from the cloud, slicing days, weeks, or even months from the “normal” encryption deployment process, and offering real-time compliance reports on your state of encryption.

Granted, this won’t mean that the above stats will be significantly reduced (except, perhaps, the $100 K per day figure: the costliest, largest breaches have been associated with the loss of PHI stored on computer hard disk drives in one form or another, so the sooner you can secure those, the lower your chances of a data-at-rest breach).  After all, one’s work is never done when it comes to data security.

However, it does mean that a person can concentrate on the more dynamic dangers and leave behind the tedium associated with ensuring that disk encryption is properly deployed across an organization.

Related Articles and Sites:

Comments (0)

Let us know what you think