7 Million Good Reasons to Prevent a Breach
Let's give BlueCross and BlueShield of Tennessee some credit for acknowledging that it has spent more than $7 million so far dealing with the aftermath of the theft of 57 unencrypted hard drives from a call center.
That breathtaking sum makes it crystal clear that potential data breaches have huge business implications for any healthcare organization.
"This helps the industry understand, aside from compliance, that security is really and truly a business risk and they need to pay attention to it," said Lisa Gallagher, senior director of privacy and security at the Healthcare Information and Management Systems Society, Chicago, in a recent interview.
Sometimes it's difficult to rally the support of CEOs and boards of directors for investments in such things as information security audits, risk management assessments and security technologies, including encryption and biometrics.
But the risk of paying $7 million to mop up a data breach mess should be an attention-grabber.
And just what did the Tennessee insurer get for its $7 million? A spokesman says the money was spent on auditing the backup files for the stolen data, reviewing and matching data to member information, engaging outside legal counsel and security services, and providing protection services to at-risk members.
Surely, there are better ways to spend $7 million.
So what can your organization do to avoid the potential for massive expenses related to a data breach?
"All organizations need to conduct a comprehensive security audit, assessing such questions as 'where is our data, how does it flow and how is it protected?'" Gallagher stressed.
Recent breaches--whether they involved the thefts of hard drives or laptops, the mistaken release of personal information via Google searches, the mailing of insurance documents containing personal identifiers or the mistaken display of Social Security numbers on envelopes--all point to the need for developing a comprehensive data security strategy that pinpoints weak spots, Gallagher said.
And if you've been having trouble convincing your organization of the value of an information security investment, now you can offer 7 million good reasons.