Data Security Failures: The Cost to Industry
Despite a marginal decrease in data breach expenses, the healthcare industry still foots a bill when an incident occurs: an average of $9.8 million per breach. This is a mere $1 million lower than the previous year, and does not dethrone the healthcare industry from its top spot in the rankings. In comparison, the financial sector comes in second with an average breach cost of $6.1 million. Multiple industries have experienced an average increase of 10% in data breach costs, according to the latest IBM report. Individual incidents continue to set record highs as well. It is estimated that the recent breach of Change Healthcare could cost over $2 billion in incident response this year alone.
Based on reports from the HHS’ (Health and Human Services) Office for Civil Rights, hacking and ransomware have become a predominant factor in data breaches for the healthcare industry. Case in point: a major breach at health savings account (HSA) administrator HealthEquity has resulted in the theft of 4.3 million individuals’ medical data. As one of the largest HSA administrators in the US, the company holds a wide variety of personal data. Among this information were names, telephone numbers, home addresses, Social Security numbers, and payment card data – all accessed by cyber criminals.
As in numerous other cases, a compromised third-party vendor may be the source of the breach. Recall the recent Snowflake incident, in which a credential stuffing attack led to a breach of this particular vendor. Among Snowflake’s clients were Ticketmaster, MasterCard, DoorDash and ExxonMobil, making this one of the more widespread breaches since the SolarWinds hack. Week after week, we see the risks posed by insufficient cyber protections at a business’ third-party associates.
Now, HealthEquity is facing a legal investigation. And while the bits of payment card data stolen weren’t all-encompassing on their own, there were enough pieces for bad actors to cobble together more complete pictures, for further use in identity theft and other fraudulent schemes. Stealing healthcare and financial data together allows for more options and more flexibility. Take children, for instance. They might not have active accounts or credit cards, but if their personal data is exposed in a breach as a dependent of their parents, a cyber criminal could use it to take out credit in their name.
This could go on for years without the family’s knowledge, with the fraud coming to light only when the child finally comes of age and tries to take out a credit card for themselves. Only then, when the damage has been done, will the truth be discovered. Nor will the organization responsible be spared their own headache, if the current price tags of data breaches are any indication.
Since 40% of breaches involve data stored across multiple environments, according to the IBM report, the attack surface for hackers is larger than it has ever been. To hoist as strong a cyber shield as possible, organizations must consider encryption in their overall defense policy. NetLib Security’s Encryptionizer solution effortlessly protects your stored data across all environments – physical, virtual and cloud. With virtually no impact on performance and no additional programming required, Encryptionizer transparently encrypts data on servers, legacy systems, devices and distributed applications, serving as a valuable tool to protect, manage and defend against data breaches.