Planning for Financial Impact of Data Breaches
Attorney Laura Hammargren on Potential Costs and Ways to Minimize Them
Healthcare organizations need to plan ahead for the financial burden of data breaches stemming from cyberattacks and also take preventive steps to help minimize those expenses, says attorney Laura Hammargren of the law firm Mayer Brown.
"So many hospitals and healthcare providers do get hit [by cyberattacks] ... it is certainly something you may want to account for when you're planning your finances for the year," Hammargren says in an interview with Information Security Media Group. "What if there is a somewhat significant cost with an attack?"
Cyber insurance can help cover some of the costs, she notes. But paying money upfront "to get your systems in pristine order," implementing the latest security technologies and investing in training for employees can help save money in the long run, she adds.
It's far easier to predict the cost of preventive measures than the cost of "a remedial measure after an attack has already happened," she stresses.
Besides the costs of responding to and mitigating the impact of a cyberattack - including forensic investigations, repairing and updating systems and software and handling breach notification - other costs can include fines from regulators, expenses associated with defending against class action lawsuits and even damage to the organization's reputation, she notes.
Plus, a recent report from Moody's Investors Service identified hospitals as one of the four business sectors - in addition to banks, securities firms and market infrastructure providers - that are most likely to suffer a weakened credit profile in the aftermath of a breach or cyberattack.
"I do think that people hadn't necessarily been thinking through that a credit service might start taking [a cyberattack] into account when assigning a credit rating," she says.
In the interview, Hammargren also discusses:
- Being prepared to alter an incident response plan depending upon the type of breach that occurred;
- Costs related to regulatory and legal issues;
- Other financial fallout resulting from breaches and cyberattacks.
Hammargren is the co-leader of Mayer Brown's healthcare practice and a partner in its cybersecurity and data privacy practice. She is based in the firm's Chicago office.