HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Quantifying the Effect of a Data Breach on Brand Image

The fallout from a healthcare data breach can be considerable. Organizations that have experienced large-scale data breaches, in particular breaches that resulted from HIPAA violations, are forced to cover a substantial cost. This may exceed insurance cover or even violate the insurer’s terms and conditions, potentially resulting in no insurance payout.

Calculating the Costs of a Data Breach

Many of these costs are fairly easy to quantify. For breach notifications, it is the cost of first class post, printing and stationery multiplied by the number of individuals affected, while a year or two of credit monitoring services for breach victims is easy to calculate.

Other costs are harder to predict, and the financial damage they cause cannot be quantified until some time after a data breach has occurred, which can be many years. Class action lawsuits may be filed quickly, but they can take a number of years to resolve. Financial penalties from the Department of Health and Human Services’ Office for Civil Rights may be issued, but this will not be known for a number of months.

One of the most difficult costs of a data breach to quantify is the effect it has on brand image, and what effect that has on actual revenues. Previous research indicates 65% of patients/health plan members would consider changing provider after they had suffered a data breach (assuming all other things to be equal).

Quantifying the Effect of a Data Breach on Brand Image

Los Angeles-based Wedbush Securities has recently published the results of a comparative survey it conducted on 1,022 customers before and after Anthem Inc. announced it had suffered a 78.8 million-record data breach.

According to a recent article posted in the Indianapolis Business Journal, the firm conducted a survey before the data breach was announced, when 51% of respondents rated Anthem Blue Cross Blue Shield as a better brand than its competitors. The competitors in this case were Aetna, Cigna and UnitedHealthcare.

When the question was put to respondents after the data breach was announced, its brand image had taken a hit, falling to 45%; an 8-point drop.

The Breach Response Affects Public Perception of a Brand

Patients and plan members are understandably annoyed, frustrated, worried or angry after the data they entrusted to a healthcare organization is exposed, stolen or otherwise disclosed to a third party. The position the company takes, the efficiency of its breach response, and the effort made to mitigate damage all have a significant effect on public perception of a brand.

Breach victims – and the general public – may not forget, but it would seem they are willing to forgive. Wedbush Securities reported that after seeing how Anthem responded to the cyberattack, 2% of respondents changed their minds about the company and rated it better than its competitors after the breach, when previously they viewed the brand as inferior.

It’s Not All Bad News

The data suggests the fallout from a healthcare data breach may not be as bad as some have suspected, certainly in terms of brand image.

According to Sara James, a Web Analyst at Wedbush Securities, “while the data breach had a net negative impact, there is still a core group willing to pay more for the brand. This brand awareness and preference will be key, in our opinion, as Anthem continues to grow in the consumer sector of public and private exchanges as well as Medicare.”

She also said, “The willingness to pay for the Anthem brand actually increased after the breach. We believe this could reflect the awareness of the younger exchange population to the proliferation of data breaches following hacking attacks on many large corporations and the willingness to pay more for a service that addresses the breach quickly and effectively.”

Other Survey Findings

  • Willingness to pay more for an Anthem Health Plan fell by 3 percent after the breach (24% to 21%)
  • 11% of customers decreased their assessment of how much they were willing to pay Anthem after the data breach (Offset by a 5% decrease overall)
  • 7% of customers said they would not be happy paying a premium for Anthem before the breach, but changed their minds and said they would pay a premium after the breach occurred.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.