What are the consequences of a confidential information data breach for your organization?
To start, organizations can be sued in the state of Delaware. In fact, from a civil standpoint, you could be sued virtually anywhere. It depends upon the damages that are assessed.
Confidential Information Data Breach: An Example
Imagine that you’ve fallen victim to a ransomware attack and the hackers are demanding Bitcoin. The price can easily rise from a couple of hundred thousand to $300,000 to over half a million on average. A recent California State University, Northridge (CSUN) study found that more than 60% of people pay a ransom within 24 hours in an attempt to regain their data.
On top of that, you have escalating compliance fees. These could be as small as $2,500 per incident all the way to $25,000. And that’s how, if you have a multiple-disclosure instance, you’re going to see tens or hundreds of thousands, if not millions, in disclosure.
But that’s not all. When you get to the endpoint, you find yourself in a situation where a disclosure of your data has limited your ability to seek or retain gainful employment. Oftentimes, courts will look at not just the immediate but also the long-term impact, and that’s where civil penalties can escalate.
And then, finally, keep in mind that professionals and executives are increasingly being held accountable by their organizations. If you choose not to do something about the incident but know you should have done something and it’s egregious enough, the potential for jail time is on the table. These are really important factors to take into account. It could be the end of your livelihood. Should this happen under your watch?
Why Partner with ThinkSecureNet
The biggest benefit of working with an organization like ThinkSecureNet is that we not only have the technology to help you work more efficiently, but we also have the solutions that are already designated or affirmed to resolve a lot of the compliance challenges that you’re going to have.
In other words, if you go out to another company and say, “Hey, I need a router today,” they’ll sell you a router. However, they wouldn’t necessarily know that the router is going to be utilized in a healthcare environment. It’s important to understand your needs, and you should have an adequate router that can be secured and maintain that level of compliance.
That’s what we bring to the table. Our solutions are already catered to that level of compliance.
And should you encounter a disclosure and/or breach — and that’s not a matter of if but when — you’re going to want to work with an organization like ThinkSecureNet that can help you navigate the challenges of resolving and remediating such problems.
We can put in place the remediation going forward for you, which is going to mitigate, or at least put you in a position of least intent, and thereby reduce the fines that will be assessed and levied against your organization.
Due Diligence Matters
If the due diligence has been done, it makes a huge amount of difference.
If you have a diesel car, you don’t take it to a general mechanic. You really want a specialist to look at it. And if you drive an electric car, you’d take it to an EV shop. You wouldn’t take it to your traditional mechanic.
That’s something that should be consistent in your professional life as well. You should go to experts that understand your industry and can provide you with solutions that meet the standard.
The obligation to maintain the environment is overlooked. Organizations don’t always take into account that when HIPAA mentions an annual survey, it means within 12 months, not 14 or 18 months.
Just like your oil change, it’s easy to let those things slip, but in this environment, there is just so much risk. Not just to individuals and their personal health information (PHI), but also to the livelihood of your organization, staff, and even the care that you’re responsible for providing to the community.
Adhering to those standards, understanding your obligation, and taking thoughtful steps toward constant improvement is something that really needs to be ingrained into everyone’s mission.
You can both take this for granted and overlook it at the same time. So many people will just dust off their HIPAA binder sometime around Thanksgiving, knowing they’ve got to get it done by the 31st.
PHI and Its Protection Have to Be Core Values
And again, it gets back to the point of reducing risk. When a disclosure or a breach does occur, the investigators are certainly going to evaluate your participation, cooperation, and intent up to the point when the incident occurred. However, if you’re doing the preventative steps necessary and are always improving, you’ll have a lot less to worry about.
Having these preventative steps and making those regular improvements puts you in a much better light than the alternative of, “I didn’t really get to it this year,” or “We failed to do it within 12 months,” when it was 18 months ago. Every little bit helps when under the scrutiny of auditors and government officials.