High correlation between data loss events and #SMB in US states

Yakir Golan
Small Business Forum
3 min read · Oct 5, 2016

Notification requirements under the HIPAA and HITECH Acts mandate that healthcare providers notify patients when there is a breach of unsecured Protected Health Information (PHI) and promptly notify the U.S. Department of Health and Human Services (HHS) of any breach of unsecured PHI. They also have to inform the media and the public if the breach affects more than 500 patients.

We’re repeatedly asked whether businesses should allocate resources towards being HIPAA compliant. My answer is always YES! Healthcare organizations are among the industries most targeted by cyber-attackers because of the richness of the personal data they hold. HIPAA requirements are a very good structure for healthcare organizations to follow in order to keep their privacy promise to their clients. In addition, fines for misconduct can reach up to $1.5M, and the reputation damage may have a dramatic impact on small to mid-size businesses.

I’ve decided to look into the data published on all known HIPAA compromised data events. At the moment (Sep’ 2016) this includes 1651 reports. Some of the insights that arise from the publication sit well with current cyber security market trends:

  1. Estimated total costs associated with all reported HIPAA compromised records crossed $67B — The total number of compromised HIPAA records crosses 168M. Taking into account the average $402 cost of a stolen healthcare record in 2016, as reported in Ponemon Institute’s 2016 Cost of Data Breach Study, this totals the phenomenal figure of $67B!!!
  2. Cyber-attacks and their magnitudes are on a continuous rise — 7 of the 10 largest reported HIPAA breaches happened in the last 2 years and included more than 115M compromised records.
  3. Approximately a third of the reported HIPAA events impacted small to mid-size businesses — 27% of reported HIPAA events involved the compromise of fewer than 1,000 records.
  4. Most of the data loss events are at a small to medium scale and involve a few thousand records — The median number of compromised records is 2,300.
  5. High correlation between the number of SMBs in a state and the number of reported HIPAA events — The top 5 states in terms of reported HIPAA events are also the ones with the most SMBs across the US.
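The five figures above all come from simple aggregates over the public HHS breach report export. The script below, added here as an illustration and not part of the original post, reproduces that analysis on a small constructed sample: total records, estimated cost at the $402 per-record figure, median breach size, the share of events under 1,000 records, per-state counts and a Pearson correlation against a constructed SMB-count table. The CSV column names are assumptions about the export format.

```python
import csv
import io
import statistics
from collections import Counter

# Constructed sample shaped like the HHS breach report export.
# Column names are an assumption; the real export carries more fields.
SAMPLE_CSV = """Name of Covered Entity,State,Individuals Affected,Breach Submission Date
Clinic A,CA,1200,2016-03-01
Hospital B,TX,250000,2015-07-14
Practice C,CA,600,2016-01-20
Insurer D,NY,3000000,2015-02-05
Dental E,FL,900,2014-11-30
Lab F,TX,2300,2016-08-09
Clinic G,NY,4500,2013-05-17
Pharmacy H,FL,750,2016-04-22
Clinic I,IL,1800,2015-09-03
"""

COST_PER_RECORD_USD = 402  # Ponemon 2016 per-record figure quoted in the post


def load_events(text):
    """Parse the CSV export and coerce the affected-count column to int."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["Individuals Affected"] = int(r["Individuals Affected"])
    return rows


def summarize(events, small_threshold=1000):
    """Aggregate the same statistics the post reports, over any event list."""
    counts = [e["Individuals Affected"] for e in events]
    total = sum(counts)
    return {
        "events": len(events),
        "total_records": total,
        "estimated_cost_usd": total * COST_PER_RECORD_USD,
        "median_records": statistics.median(counts),
        "share_small": sum(1 for c in counts if c < small_threshold) / len(counts),
        "events_by_state": Counter(e["State"] for e in events),
    }


def pearson(xs, ys):
    """Pearson correlation coefficient, computed without third-party libraries."""
    mx, my = statistics.fmean(xs), statistics.fmean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sum((x - mx) ** 2 for x in xs) ** 0.5
    sy = sum((y - my) ** 2 for y in ys) ** 0.5
    return cov / (sx * sy)


def state_correlation(events_by_state, smb_by_state):
    """Correlate reported events per state with an SMB-count table (constructed)."""
    states = sorted(smb_by_state)
    return pearson([events_by_state.get(s, 0) for s in states],
                   [smb_by_state[s] for s in states])
```

`summarize(...)["events_by_state"].most_common(5)` gives the top-5 ranking used in the last finding.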

Concerned with the impact of a cyber-breach on your business? We can help! Sign up at www.mydro.co and get a FREE cyber security risk assessment.

Co-founder & CEO at KOVRR. Passionate about helping businesses protect their digital treasures.