Cyber security compliance failures can lead to big losses


A Massachusetts hospital learned the hard way that HIPAA compliance is NOT optional. Hospital staff filed a complaint back in 2012 because the medical center was using a web-based document-sharing application for protected health information. A HIPAA breach followed in 2014, attributed to the lack of adequate security policies. A $218,400 settlement was reached with the Office for Civil Rights based on the potential exposure of 500 patient records through the document-sharing application. The hospital is also required to show proof that it is remediating its HIPAA compliance gaps, with unannounced on-site spot checks to assess how its policies and procedures have been implemented.

A Tennessee-based retailer was hit with more than $13 million in fines by Visa for non-compliance with the Payment Card Industry Data Security Standard (PCI DSS) after a breach. Visa is one of the card brands that enforce PCI compliance and are authorized to fine organizations for failing to maintain the standard (the fines are typically levied on the merchant's acquiring bank, which passes them on to the merchant). The retailer is now in a costly multi-year legal battle with Visa to try to recoup some of the fines.

Don't think you're immune just because you may not be subject to HIPAA or PCI regulations. An organization holding 500 records that include Social Security numbers (current staff, past employees, clients) could face losses of approximately $2,127 PER RECORD, or $1,063,613 in total, using HUB International's data breach cost calculator estimates.

Five action steps you can take to reduce your risk:

  1. Assess your current level of compliance with the regulatory standards that apply to you, or with the NIST cyber security standards if none do
  2. Remediate the gaps you find
  3. Run regular security testing (vulnerability scans, penetration testing, and social engineering tests to check staff cyber security awareness)
  4. Monitor your network and investigate any suspicious behavior so that a breach or attempted breach is detected as quickly as possible
  5. Educate staff at all levels about the importance of cyber security and the risk to the organization if it is not a top priority. Have an Incident Response plan so everyone understands their role and what steps need to be taken should a breach occur.
Foresite admin