Another day, another company hit by a cyber attack and personal information exposed. Quest Diagnostics announced in early December 2016 that one of their applications had been breached and 34,000 customers' information was accessed by an unauthorized third party.
This was just the latest in a long line of breaches at major health care providers such as Anthem Blue Cross and Community Health Systems. While the breach of Quest Diagnostics may be considered minor by comparison, we have learned that, over time, small breaches can turn into big ones.
What Information Is Considered Private?
Quest advised in their initial press release that the only information accessed by the hackers was names, dates of birth, lab results, and in some cases phone numbers. The hacked information apparently did not include Social Security numbers, credit card or other financial information. There has also been no indication of misuse of any of the illegally obtained information.
What information is considered private? Names and even phone numbers are easily obtainable, and birth dates can be found fairly quickly. It is a relief that no Social Security numbers or financial information was obtained, but no doubt the 34,000 patients whose lab results were exposed are none too happy about it.
As we have seen in prior hacking cases, in the early days of detection, numbers are often under-reported. Further investigation will likely reveal that even more patients' records were exposed, and that financial information may also have been accessed.
The Cost to Business
Cyber attacks and hacks can be costly to business. State and federal laws provide guidelines on timely notification to customers and patients of businesses when their information has been accessed by unauthorized parties.
The Ponemon Institute advises that as of 2015, the average cost per compromised record worldwide is $154. The United States comes in at the high end of the spectrum with a cost of $217 per compromised record. The health care industry has the highest per-record cost at $363. Those numbers are expected to increase for 2016, 2017 and beyond.
In addition to notification costs, businesses must also reimburse customers who are affected financially. Most companies offer credit monitoring to those customers at significant cost to the business.
The length of time it takes to catch and contain a cyber breach directly affects the cost of a cyber attack for each business. The longer it takes, the more expensive it becomes, contributing to the increase in cost per data breach to an average of $3.29 million.
Forensic analysis and the cost to reputation and goodwill for affected companies further increase the costs of data breaches, affecting the bottom line by as much as $1.57 million or more per incident.
How Do You Contain Costs?
Not many businesses can easily absorb a $3.29 million price tag for a data breach. In fact, 60% of small businesses involved in cyber attacks are out of business within 6 months. Why? They don’t have a plan in place to prevent hacking before the attack, and they don’t have a plan to contain costs after a hack.
While proper employee training and cyber security measures are important, even the most secure of companies can be breached. To keep your business up and running after a data breach, you need Cyber Liability Insurance.
Cyber Liability coverage can be customized to fit the specific needs of your business. Policies can be written to include coverage for notification costs, forensic analysis, lost revenues and more.
If your current insurance portfolio does not include coverage for Cyber Liability, contact Hayes today for a free no-obligation quote.