25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Quantifying the Effect of a Data Breach on Brand Image

Posted By on May 21, 2015

The fallout from a healthcare data breach can be considerable. Organizations that have experiences large-scale data breaches, in particular when they have resulted from HIPAA violations, are forced to cover a substantial cost. This may exceed insurance cover or even violate the insurer’s terms and conditions, potentially resulting in no insurance payout.

Calculating the Costs of a Data Breach

Many of these costs are fairly easy to quantify. For breach notifications it is the cost of first class post, printing and stationary multiplied by the number of individuals affected, while a year or two of credit monitoring services for breach victims is easy to calculate.

Other costs are harder to predict – and quantify the financial damage caused – until sometime after a data breach has occurred, and that can be many years. Class action lawsuits may be filed quickly, but they can take a number of years to resolve. Financial penalties from the Department of Health and Human Services’ Office for Civil Rights may be issued, but this will not be known for a number of months.

One of the most difficult costs of a data breach to quantify is the effect it has on brand image, and what effect that has on actual revenues. Previous research indicates 65% of patients/health plan members would consider changing provider after they had suffered a data breach (assuming all other things to be equal).

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Quantifying the Effect of a Data Breach on Brand Image

Los Angeles-based Wedbush Securities has recently published the results of a comparative survey it conducted on 1,022 customers before and after Anthem Inc. announced it had suffered a 78.8 million-record data breach,

According to a recent article posted in the Indianapolis Business Journal, the firm conducted a survey before the data beach was announced, when 51% of respondents rated Anthem Blue Cross Blue Shield as a better brand than its competitors. The competitors in this case was Aetna, Cigna and UnitedHealthcare.

When the question was put to respondents after the data breach was announced, its brand image had taken a hit, falling to 45%; an 8-point drop.

The Breach Response Affects Public Perception of a Brand

Patients and plan members are understandably annoyed, frustrated, worried or angry after the data they entrusted to a healthcare organization is exposed, stolen or otherwise disclosed to a third party. The position the company takes, the efficiency of its breach response, and the effort made to mitigate damage all have a significant effect on public perception of a brand.

Breach victims – and the general public – may not forget, but they are willing to forgive it would seem. Wedbush Securities reported that after seeing how Anthem responded to the cyberattack, 2% of respondents changed their minds about the company and rated it better than its competitors after the breach, when previously they viewed the brand as inferior.

It’s Not All Bad News

The data suggests the fallout from a healthcare data breach may not be as bad as some have suspected, certainly in terms of brand image.

According to Sara James, a Web Analysts at Wedbush Securities, “while the data breach had a net negative impact, there is still a core group willing to pay more for the brand. This brand awareness and preference will be key, in our opinion, as Anthem continues to grow in the consumer sector of public and private exchanges as well as Medicare.”

She also said “The willingness to pay for the Anthem brand actually increased after the breach. We believe this could reflect the awareness of the younger exchange population to the proliferation of data breaches following hacking attacks on many large corporations and the willingness to pay more for a service that addresses the breach quickly and effectively.”

Other Survey Findings

  • Willingness to pay more for an Anthem Health Plan fell by 3 percent after the breach (24%-21%)
  • 11% of customers decreased their assessment of how much they were willing to pay Anthem after the data breach (Offset by a 5% decrease overall)
  • 7% of customers said they would not be happy paying a premium for Anthem before the breach, but changed their minds and said they would pay a premium after the breach occurred.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist