Startup healthcare firms vulnerable to hackers

Brian O'Connell on December 07, 2011 Source: Kauffman Foundation

The U.S. Secret Service is the government organization (along with the Office of Homeland Security) tasked with addressing the burgeoning problem of company security breaches.

The Secret Service considers the issue of breaches – more colloquially known as “hacking” – a critical issue, and one that has the potential to ruin scores of small businesses.

Now, a new study from the agency, with assistance from communications giant Verizon, shows that the problem of hacking and security intrusions against small companies is much worse than law enforcement officials originally suspected.

The report notes that, by and large, small businesses don’t have the capacity or the finances to adequately protect themselves against hackers. The report also says that such companies tend to hold critical data (including the names and financial information of customers) in single-source, highly vulnerable places like non-secure computer databases, which cyber-thieves can easily crack open to take valuable data.

How bad can it get? The report paints a picture of an anonymous small business owner walking into work on Monday morning and finding that the data on all 12 of his company computers is completely wiped out – with little hope of getting the data back.

A separate study, this one from Symantec Corp. and the Ponemon Institute, says that even if you can get that data back, it costs on average $214 per compromised record to handle. If you have a client base of over a thousand customers or so, that can lead to financial catastrophe for many young healthcare companies.

Worse, when you report the issue to law enforcement authorities, you may have just opened yourself and your firm up to a bevy of fraud liability lawsuits – enough to take down your company and then some.

The Symantec/Ponemon study offers a litany of eye-opening security breach statistics for startup healthcare business owners to peruse. Here’s a good sample, straight from the study:

  • Rapid response to data breaches is costing companies 54 percent more per record than companies that moved more slowly. Forty-three percent of companies notified victims within one month of discovering the breach, up seven points from 2009. In 2010, these quick responders had a per-record cost of $268, up 22 percent from 2009; companies that took longer paid $174 per record, down 11 percent.
  • Malicious or criminal attacks are the most expensive and are on the rise. In this year’s study, 31 percent of all cases involved a malicious or criminal act, up seven points from 2009, and averaged $318 per record, up 43 percent from 2009.
  • Negligence remains the most common threat. The number of breaches caused by negligence edged up one point to 41 percent and averaged $196 per record, up 27 percent from 2009. This steady trend reflects the ongoing challenge of ensuring employee and partner compliance with security policies.
  • Data breach costs have continued to rise. The average organizational cost of a data breach this year increased to $7.2 million, up seven percent from $6.8 million in 2009. Total breach costs have grown every year since 2006. Data breaches in 2010 cost companies an average of $214 per compromised record, up $10 (5 percent) from last year.

That’s a lot to absorb for any small business owner, let alone the owner of a small healthcare firm that has a good chance of handling tens of thousands of client medical records in its databases.

What can such business owners do to alleviate the problem? The Symantec report says to start by turning to tried-and-true remedies like investing in a security encryption program. That and stronger employee training and awareness programs were the most successful methods used by small companies to thwart cyber hackers.

Also, install and monitor backup computer security software, and invest in tracking software that tells you where your data went in the event of a fraud theft. Additionally, it’s a good idea to keep a trained attorney on call to deal with the immediate aftermath of a hacking event – just in case.

Hacking isn’t an issue that’s going away. As a small healthcare business owner, your best defense is to know what the stakes are and take preventive steps to decrease the odds of a security breach ever occurring.

In the case of your data security, a good plan isn’t a luxury; it’s a necessity.
