10 HIPAA Breach Costs You May not Be Aware of

A data breach is less of a possibility and more of inevitability in 2015. Cyber crime is on the increase and the healthcare industry is under threat, with major attacks already having exposed millions of records – with last year’s tally having already been surpassed by some distance.

Determining the data breach financial impact can be difficult as there are variables that cannot be accurately predicted immediately after a breach has occurred. Civil claims for damages will almost certainly be filed, although the number of victims of fraud will not be known for many years, neither the damages which will need to be covered.

The Department of Health and Human Services’ Office for Civil Rights investigates data breaches; however it can take time for an assessment to take place. A full compliance audit may be required, the findings assessed and financial penalties considered. Settlements can take a number of years to be reached and there is no telling how many violations will be discovered by its auditors.

Each violation category carries a maximum fine of $1.5 million in cases where the covered entity has acted with willful neglect. That figure is then multiplied by the length of time the violation was allowed to exist.

The Anthem data breach, which exposed 78.8 million records, could cost the company well in excess of $100 million. While not a healthcare breach, a comparison can be drawn with the Target data breach. Earlier this year the retailer reported the cost of the 70-million record breach to have reached $252 million, and that figure is almost certain to rise.

The data breach financial impact cannot be easily determined, but it is essential that an accurate estimate is obtained to help determine the appropriate level of insurance cover. Target indicated in its financial reports that insurance products only covered 90 million in payments, with the retailer having to cover the remaining $162 million.

There are a number of hidden costs associated with a data breach which need to be factored into breach cost estimates; 10 of which are summarized in the infographic below:


Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.