Rallying Support for Security Investments
New Method for Quantifying Breach Costs, Justifying Spending
Security specialists need help "putting together a business case to garner more investment in protecting sensitive patient information," says Rick Kam, who led the PHI Project, which produced the report.
The study, "The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security," offers a plan for assessing an organization's security risks and provides formulas for quantifying the potential costs of breaches that could result if those risks aren't mitigated (see: Measuring Potential Breach Costs). In this way, security professionals can more precisely demonstrate how specific security investments could help avert specific costs, Kam says.
In an interview, Kam:
- Describes how the American National Standards Institute's Prevention and Identity Management Standards Panel collaborated with the Santa Fe Group/Shared Assessments Program Healthcare Working Group and the Internet Security Alliance to create the report;
- Outlines a five-step process for quantifying the potential costs of breaches, based on an organization's risks; and
- Tells how security professionals can use that breach cost information to help justify specific investments.
A free webinar describing the full report will be held March 21.
Kam, CIPP, is president and co-founder of ID Experts. The company has managed hundreds of data breach incidents for healthcare organizations, corporations, financial institutions, universities and government agencies. He has extensive experience helping organizations address the growing problem of protecting personal information and remediating privacy incidents, identity theft and medical identity theft.