The Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, which was independently conducted by Ponemon Institute LLC, reveals that the majority of healthcare organizations have experienced multiple security incidents and faced a data breach.
Despite the universal risk for data breach, the study found that many organizations lack the funds and resources to protect patient data and are unprepared to meet the changing cyber threat environment. Based on the results of this study, it is estimated that data breaches could cost the industry US$6 billion. According to the findings of the research, the average cost of a data breach for healthcare organizations is estimated to be more than US$2.1 million. The average cost of a data breach to Business associates represented in the research is more than US$1 million. Business associates are entities that perform services for a covered entity that involves the use or disclosure of protected health information (PHI), according to the U.S. Department of Health & Human Services.
These results are aligned with the ENDURANCE International Group publication of its 2015 Small Business & Cybersecurity survey, which found that 81% of small business owners believe cybersecurity is a concern for their business. The survey also found that 31% of small businesses have experienced a cyber-attack or attempted cyber-attack. However, despite these concerns, only 42% of survey respondents have invested resources in cybersecurity protection in the last year.
An evidence of this concern, Netskope’s recent announcement of their 2015 survey results of 100 RSA Conference attendees, disclosed that 69% of respondents' CEOs or boards of directors had queried their security teams regarding specific security policies in the wake of recent high-profile breaches. More than half of respondents said their cloud-specific security methods have changed as a direct result of CEO or board-level conversations.