These two new HIPAA settlements are meant to send a strong message about enforcement and accountability. The result for one of those cases was a record-setting settlement of $5.55 million.
As organizations work to determine their overall risk and risk response plans, data breach cost is an important figure in these calculations. But the science of estimating the total cost of a data breach remains elusive.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its first resolution agreement with a business associate in June.
The average cost of a data breach continues to rise, up to $4 million per incident, over 2015 figures of $3.79 million. Since 2013, there has been a 29% increase in the average cost of data breaches.
The total number of breaches recorded by the 2016 ITRC Breach Report hit 489 last week, an increase of 19.8% over last year’s figures. Year-over-year, breaches in the Education sector are up 70 percent over 2015 figures.
A recent survey showed that 63% of organizations in Australia experienced a cybersecurity incident or breach in 2015, with more than half of them listed as “serious.” Large-scale breaches such as those experienced by Kmart and David Jones, and widely publicized breaches at Aussie Farmers Direct and Queensland TAFE, rocked consumer confidence in the state of data security in Australia.
The Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, on behalf of ID Experts, shows the continued targeting of healthcare organizations, due in large part to the high value of healthcare data.
The Government in the UK recently released its Cyber Security Breaches Survey 2016, a survey which looks at the approach to cyber security by UK businesses in order to better inform Government policy and security recommendations to businesses. According to the report, two thirds of large UK businesses suffered a cyber attack or breach in the past year, with 68% of those breaches caused by viruses, spyware and malware that could have been avoided had basic cyber security practices been followed (as laid out in the government's Cyber Essentials scheme).