According to a recent IBM and Ponemon Institute study, the average cost per stolen data record in the health care industry is more than twice the cost for breaches in any other industry.

Results reported by the IBM and Ponemon Institute study indicate that the costs for data breaches are on the rise in all industries, but particularly in the health care industry. The study found that most companies lose $158 per stolen data record; however, health care companies lose $355 per stolen record. The study also noted that the current cost of $355 per stolen record is a $100 increase from 2013. The average cost of a data breach for all companies has grown to $4 million, which is a 29 percent increase since 2013.

The Ponemon study also discovered that slow response times and lack of planning are the largest risks for organizations. Using an incident response team allowed companies to save nearly $400,000 on average for a large breach. It also found that 70 percent of U.S. security executives stated that they don’t have incident response policies in place.

If a health care organization doesn’t have the budget or manpower to dedicate to an incident response team, the organization should look into retaining a Business Associate who can manage the requirements for them. Lack of planning is not an option and could result in these severe costs for health care companies. Following HIPAA standards is crucial for health care organizations to avoid data breaches.

Additionally, the study found that the cost of the data breach increases the longer it takes to address the breach. While not all the organizations in this study are in the health care industry, the estimated time for responding to a breach was 201 days. For large breaches affecting 500 patients or more, HIPAA requires health care organizations to respond within 60 days of discovering the breach.

The issue then becomes when the breach is discovered. There have been cases where the FBI discovered the breach and notified the health care organization after the fact. Sometimes years have passed since the breach began before it was discovered. Health care organizations should have intrusion detection systems to help discover a breach in a more timely manner.

With the increase of large breaches and ransomware reported at multiple health care facilities, cyber security is becoming more important in protecting health information. Cybercrime is ever evolving, and each organization will need to work harder to protect against it. Use HIPAAgps to help prepare your incident response team and determine what safeguards you should implement.