CHS data breach estimated price tag: $150 million

Huge price tag, is the solution more ‘white hat hacker/crackers’, get a clue, C-Suite and why China leads in hacking (important updates!)

Dan Munro in Forbes got out his calculator and estimated that the cost to Community Health Services, based on prior incidents, may be as high as $150 million. He bases it on recent poster children Columbia-NY Presbyterian and BlueCross BlueShield of Tennessee. The message to healthcare business executives: pay now–by beefing up HIT and data security–or pay later in rush remediation of data breaches like identity theft protection, Office of Civil Rights-HHS fines, potential insurance fraud,  legal charges and damages awarded. On the latter, it took only hours after the announcement for the first class action to be filed in Alabama.

Of course cybersecurity experts, particularly the ‘white hat’ or ‘cracker’ variety, are in increasingly high demand across all business areas and internationally–and there aren’t many at that exalted level or even a rung or two below. Their commensurate compensation is one factor, but calls to hire less expensively overseas as explored in this article are, in this Editor’s estimation, a two-edged sword: much hacking, many sleeper bugs and ‘backdooring’ are engineered overseas (China, Russia, the Balkans, India); what is to say that these ‘former hackers’ aren’t playing both games? Cybersecurity’s hiring crisis: A troubling trajectory (ZDNet)

The C-Suite Must Care…The Workforce Must Be Aware

Since data security and data breaches threaten to swamp many sectors (universities and colleges, even more than healthcare, rank as the most vulnerable), the solution may not be wholly in the code. Daniel J Solove, a professor of law at George Washington University Law School and CEO of TeachPrivacy, takes a different look at how organizations should respond and identifies the two most important things to prevent data breaches with the catch-phrase above, explained below:

  • The C-Suite must understand the risks, the law and the importance of compliance–which they do not at present, and now the costs are totaling in the hundreds of millions. (Which may make them understand tout de suite!)
  • Significant attention must be given to address human behavior–90 percent of malware requires a human interaction to infect a computer or system. To prevent this, awareness and training are key.

The full webinar (Data security: risks, law and human behavior) is posted on BrightTalk (free registration required) and is 45 minutes, but the investment in time is a bargain in information–particularly if you’re a VP of HIT trying to convince the C-Suite to increase the IT security budget line. LinkedIn also has an ‘executive summary’ article by the author.

Update 26 Aug: VentureBeat puts more emphasis on the Chinese hacking into the company’s VPN via Heartbleed and great visual. Also tracing the blame–who’s really behind APT18, identified by FireEye/Mandiant as the perps? China’s government (=PLA) has been identified as behind hacks into pharma and service companies in the oncology area, to deal with the soaring cancer rate in the country. Chinese government has a clear motive to steal U.S. health data (VentureBeat); FireEye blog on ‘Searching for the cure‘.

Previously in TTA:  The drip of data breaches now a flood: 4.5 million records hacked–updateFBI ‘Flash Alerts’ health organizations about hacker attacks


Categories: Latest News.