The Security Scrutinizer with Howard Anderson

7 Million Good Reasons to Prevent a Breach

7 Million Good Reasons to Prevent a Breach

Let's give BlueCross and BlueShield of Tennessee some credit for acknowledging that it has spent more than $7 million so far dealing with the aftermath of the theft of 57 unencrypted hard drives from a call center.

That breathtaking sum makes it crystal clear that potential data breaches have huge business implications for any healthcare organization.

"This helps the industry understand, aside from compliance, that security is really and truly a business risk and they need to pay attention to it," said Lisa Gallagher, senior director of privacy and security at the Healthcare Information and Management Systems Society, Chicago, in a recent interview.

Sometimes it's difficult to rally the support of CEOs and boards of directors for investments in such things as information security audits, risk management assessments and security technologies, including encryption and biometrics.

But the risk of paying $7 million to mop up a data breach mess should be an attention-grabber.

And just what did the Tennessee insurer get for its $7 million? A spokesman says the money was spent on auditing the backup files for the stolen data, reviewing and matching data to member information, engaging outside legal counsel and security services, and providing protection services to at-risk members.

Surely, there are better ways to spend $7 million.

So what can your organization do to avoid the potential for massive expenses related to a data breach?

"All organizations need to conduct a comprehensive security audit, assessing such questions as 'where is our data, how does it flow and how is it protected?'" Gallagher stressed.

Recent breaches--whether they involved the thefts of hard drives or laptops, the mistaken release of personal information via Google searches, the mailing of insurance documents containing personal identifiers or the mistaken display of Social Security numbers on envelopes--all point to the need for developing a comprehensive data security strategy that pinpoints weak spots, Gallagher said.

And if you've been having trouble convincing your organization of the value of an information security investment, now you can offer 7 million good reasons.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.