10 HIPAA Breach Costs You May Not Be Aware Of

In 2015, a data breach is less a possibility and more an inevitability. Cyber crime is on the increase and the healthcare industry is under threat: major attacks have already exposed millions of records, and last year’s tally has already been surpassed by some distance.

Determining the financial impact of a data breach can be difficult, as some variables cannot be accurately predicted immediately after a breach has occurred. Civil claims for damages will almost certainly be filed, although the number of victims of fraud will not be known for many years, nor will the damages that will need to be covered.

The Department of Health and Human Services’ Office for Civil Rights investigates data breaches; however, it can take time for an assessment to take place. A full compliance audit may be required, after which the findings are assessed and financial penalties considered. Settlements can take a number of years to be reached, and there is no telling how many violations will be discovered by its auditors.

Each violation category carries a maximum fine of $1.5 million in cases where the covered entity has acted with willful neglect (the current maximum fines can be found in this article). That figure is then multiplied by the length of time the violation was allowed to exist.

The Anthem data breach, which exposed 78.8 million records, could cost the company well in excess of $100 million. While not a healthcare breach, the Target data breach offers a comparison. Earlier this year the retailer reported that the cost of the 70-million-record breach had reached $252 million, and that figure is almost certain to rise.

The financial impact of a data breach cannot be easily determined, but it is essential to obtain an accurate estimate to help determine the appropriate level of insurance cover. Target indicated in its financial reports that insurance products only covered $90 million in payments, with the retailer having to cover the remaining $162 million.

There are a number of hidden costs associated with a data breach that need to be factored into breach cost estimates, 10 of which are summarized in the infographic below:

Hidden Data Breach Costs

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com