According to Ponemon’s 2013 Cost of Data Breach Study: Global Analysis report, the healthcare industry led the trend of regulated industries having higher per capita breach costs. Specifically, the healthcare industry had the highest per capita data breach cost for breaches with more than 1,000 records at $233 US per capita versus the overall mean of $136 US per capita. The primary sources of breaches were identified as “mistakes made by people and systems.” However, malicious attacks were a notable 37% of breaches covered by the report.
For some organizations, costs may be higher due to a lack of experience in managing data breach response. Winston Krone, Kivu’s Managing Director, has evidenced this in numerous investigations: “While senior management is dusting off the incident response plan, the temptation for IT is to get rid of the suspected malware or close any suspected security gap, bring the affected systems down, and bring them up again in a fresh format.” Rather than erasing traces of a breach, conducting a forensic investigation provides information about the factors leading to a breach and may assist in reducing future breach incidents.
In the healthcare sector, forensic investigations provide added value when used to quantify the potential exposure from a breach. This is particularly important with the recent passage of the HIPAA Final Omnibus Rule, where a forensic investigation can serve as the foundation for an incident risk assessment. For additional insights about the importance of forensics, the following resources are provided, based on a recent webinar given by Winston Krone and Mahmood Sher-Jan of ID Experts, “Healthcare Data Vulnerabilities: Using Forensics Can Help Comply with HIPAA Final Omnibus Rule.” Winston Krone and Mahmood Sher-Jan discussed top trends in healthcare data digitization and associated data breach and security incidents.