Healthcare breaches are currently on the rise, with more than 91.7 million records breached already in 2015. The average cost of a data breach is highest in healthcare than in any other industry, up now to $5.9 million per breach, but some costs are hard to estimate. Customer churn, for example, or a lower customer acquisition rate. According to new research from Software Advice, 54% of healthcare customers would be “very” or “moderately likely” to change providers after a data breach.
According to the survey, customers are most likely to switch providers if the security breach is the result of staff misconduct or carelessness or the physical theft of paper-based records and devices, versus cyberattack. It is probable that these breaches are seen as more “preventable."
The survey shows that the degree to which a healthcare organization is prepared before a breach, and how they react post-breach, does have an impact on customer churn. 37% of respondents would consider sticking with their doctor if specific examples of updated policies and supporting technologies were in place. Encryption is often cited as a technology that bolsters confidence for endpoint devices, and indeed if encryption is in place before a breach (with persistent technology that can prove it is functioning), you may be able to avoid disclosing the breach.
We recently contributed to a whitepaper created by the Institute for Health Technology Transformation (iHT²), When Security Breaches Don’t Have to be Reported, which outlines the issues of electronic health records, mobile devices and a mobile workforce as a challenge to securing PHI. Good endpoint security solutions, such as Absolute Computrace, offer key security functions in governance, risk management and compliance (GRC). Our solution includes an audit trail to show who viewed the data, whether it has been changed, where it resides, and how it’s protected (including the status of encryption); if files are deleted, the audit trail can prove it. This is all supported by Persistence technology, which cannot be removed.