The fallout from a healthcare data breach can be considerable. Organizations that have experienced large-scale data breaches, in particular when they have resulted from HIPAA violations, are forced to cover a substantial cost. This may exceed insurance cover or even violate the insurer’s terms and conditions, potentially resulting in no insurance payout.
Calculating the Costs of a Data Breach
Many of these costs are fairly easy to quantify. For breach notifications it is the cost of first class post, printing and stationery multiplied by the number of individuals affected, while a year or two of credit monitoring services for breach victims is easy to calculate.
Other costs are harder to predict, and the financial damage they cause is harder to quantify, until some time after a data breach has occurred, and that can be many years. Class action lawsuits may be filed quickly, but they can take a number of years to resolve. Financial penalties from the Department of Health and Human Services’ Office for Civil Rights may be issued, but this will not be known for a number of months.
One of the most difficult costs of a data breach to quantify is the effect it has on brand image, and what effect that has on actual revenues. Previous research indicates 65% of patients/health plan members would consider changing provider after they had suffered a data breach (assuming all other things to be equal).
Quantifying the Effect of a Data Breach on Brand Image
Los Angeles-based Wedbush Securities has recently published the results of a comparative survey it conducted on 1,022 customers before and after Anthem Inc. announced it had suffered a 78.8 million-record data breach.
According to a recent article posted in the Indianapolis Business Journal, the firm conducted a survey before the data breach was announced, when 51% of respondents rated Anthem Blue Cross Blue Shield as a better brand than its competitors. The competitors in this case were Aetna, Cigna and UnitedHealthcare.
When the question was put to respondents after the data breach was announced, its brand image had taken a hit, falling to 45%; an 8-point drop.
The Breach Response Affects Public Perception of a Brand
Patients and plan members are understandably annoyed, frustrated, worried or angry after the data they entrusted to a healthcare organization is exposed, stolen or otherwise disclosed to a third party. The position the company takes, the efficiency of its breach response, and the effort made to mitigate damage all have a significant effect on public perception of a brand.
Breach victims – and the general public – may not forget, but they are willing to forgive, it would seem. Wedbush Securities reported that after seeing how Anthem responded to the cyberattack, 2% of respondents changed their minds about the company and rated it better than its competitors after the breach, when previously they viewed the brand as inferior.
It’s Not All Bad News
The data suggests the fallout from a healthcare data breach may not be as bad as some have suspected, certainly in terms of brand image.
According to Sara James, a Web Analyst at Wedbush Securities, “while the data breach had a net negative impact, there is still a core group willing to pay more for the brand. This brand awareness and preference will be key, in our opinion, as Anthem continues to grow in the consumer sector of public and private exchanges as well as Medicare.”
She also said, “The willingness to pay for the Anthem brand actually increased after the breach. We believe this could reflect the awareness of the younger exchange population to the proliferation of data breaches following hacking attacks on many large corporations and the willingness to pay more for a service that addresses the breach quickly and effectively.”
Other Survey Findings
- Willingness to pay more for an Anthem Health Plan fell by 3 percent after the breach (24%-21%)
- 11% of customers decreased their assessment of how much they were willing to pay Anthem after the data breach (offset by a 5% decrease overall)
- 7% of customers said they would not be happy paying a premium for Anthem before the breach, but changed their minds and said they would pay a premium after the breach occurred.