Inside TDV - The Data Vault Blog

The Cost of a Data Breach

Over 4 million records with social security numbers or financial information have been breached in the 137 incidents made public so far this year. These numbers are from the Privacy Rights Clearinghouse chronology of data breaches, a database updated every two days. If each breached record represents a financial loss, then it is no wonder that information governance and records management have taken a prominent seat in so many boardrooms.

ARMA International’s most recent (March/April) issue of Information Management offers a couple of Upfront items to drive home the impact. First, the Ponemon Institute found that healthcare organizations spend an average of $6B each year on data breaches; the average cost of a single breach is $2M over two years. Billing and medical recordkeeping are the areas cited as most vulnerable to data loss or theft. Second, although the losses are significant, a Kroll Ontrack survey found that among the 50% of businesses that regularly erase sensitive data from old computers and hard drives . . . 75% do not delete data securely, leaving them vulnerable to data breaches.

Blame it on the 24-hour news cycle, but local stories exposing companies that fail to protect sensitive information abound. Recently, insurer HealthNet made the news after their second breach since 2009. This time, they lost nine server drives from their data center. The company has offered two years’ free credit monitoring, fraud resolution and credit file restoration to customers who may have been affected by the breach. In February, a nonprofit in North Carolina paid $3,000 in an agreement with the Attorney General after a local news story about sensitive documents retrieved from their industrial trash compactor caught the attention of the AG’s office. Although the company blamed a disgruntled employee, they decided to settle and pay the fine.

Here is a good news item to illustrate how hospitals in particular can embrace information governance and electronic records management. ARMA International reported recently about Saratoga Hospital in Saratoga Springs, NY, where they are making progress in data capture -- from equipping doctors with iPads to ER workstations with wheels. Chief Information and Compliance Officer John Mangona is leading the initiative, and you can read more about his progress in the local article on

There is even more good news for KY hospitals, medical practices, pharmacies, labs and other medical facilities: The governor’s office announced this month that Kentucky continues to forge ahead with efforts to adopt electronic health records (EHRs). The state has federal approval for the initiative and will continue offering incentive payments to hospitals and providers for EHRs that link to the Kentucky Health Information Exchange (KHIE).

Recordkeeping Recommendation

Before you shred, recycle, donate or otherwise repurpose an old hard drive, run a program like Secure Erase or BCWipe to clear data from the drive.

Written by: AGriffin

