According to reporting to the HHS OCR:
The average cost of a healthcare data breach was $7.13 million in 2020, IBM research found.
And a scan of recent headlines finds a disturbingly wide array of attack methods aimed at healthcare payers and providers: not just the typical foothold through phishing, but attacks from hard-to-anticipate directions such as third-party vendors, as in the recent large-scale breaches through Blackbaud (cloud computing services) and Accellion (file transfer app). Just this month, the managed service provider for CareFirst BlueCross BlueShield Community Health Plan - District of Columbia (CHPDC) lost control of PHI for 200,000 patients.
The financial effects of a data breach at a healthcare payer can go on for years: The 2014 breach at Premera Blue Cross was finally settled with a $6.8 million penalty paid to the OCR and $74 million to settle lawsuits, five and six years later.
One more relevant stat, from the IBM study on the cost of a data breach: About half the time, the CISO is held responsible for the breach.
We created the RiskLens Cybersecurity Prioritization & Justification Solution for Healthcare Payers on the RiskLens platform to help payer CISOs
The solution comes pre-packaged with data and content to accelerate risk management for the most critical risks faced by health insurance company CISOs – first and foremost, the breach of a crown jewel PHI database.
The RiskLens healthcare payer solution includes:
Contact us for a demo of the Cybersecurity Prioritization & Justification Solution for Healthcare Payers.