The Rising Cost of Data Breach

October 28, 2015

IBM and the Ponemon Institute released a global study in January that said the average total cost of a data breach has increased 23 percent in the last two years, up to $3.79 million.

The same study showed that the average cost paid by organizations for each lost or stolen record containing confidential information rose from $145 in 2014 to $154 in 2015. The largest increase was seen in the retail industry, where the average cost increased from $105 in 2013 to $165 in 2014.

The Cost of a Data Breach is Increasing

As today’s world becomes more and more digital, with so much sensitive data stored on drives of all sorts, optical media, cell phones, and various other forms of office equipment, there’s every reason to believe that the cost of a data breach is only going to rise over the next several years.

It’s important to know that just because a piece of technology no longer works doesn’t mean the information on it is no longer accessible. In fact, unless the device is destroyed, most of that information is pretty easily retrieved by someone who knows what they’re doing.

In 2003 researchers at MIT were able to recover 92.4 percent of sensitive information from 158 used hard drives. That sensitive information included not only corporate information, but names and contact information, emails, credit card numbers, social security numbers and medical records.

Security measures have improved dramatically since MIT’s study, and organizations have embraced the value of hiring Technology Asset Disposal Companies. While security has improved, so have hackers and data thieves. If you think that black markets where stolen information is sold only exist on TV shows and in the movies, you’ve got your head in the sand.

The following numbers should scare you a little bit: 80 percent of corporate desktops and laptops contain sensitive data. When it comes to IT personnel, only 34 percent have a secure process for hard drive destruction.

There’s far too much on the line, both monetarily and legally, for organizations not to hire experts to dispose of their technology assets when the time comes to refresh or upgrade. Avoid the rising costs of any kind of information breach by hiring an expert and trustworthy data destruction organization.

Community Health Systems faces data-breach class action

October 15, 2014

By Darius Tahir 

Posted: October 13, 2014 – 2:30 pm ET

Community Health Systems, the 207-hospital, 29-state operator, is facing a class-action lawsuit brought by a New Mexico woman, Briana Brito, over a data breach it reported Aug. 18.

The suit, filed in the 4th Judicial District Court in San Miguel County in New Mexico, is being handled by law firms Slack & Davis and the Branch Law Firm, which are meeting with additional potential class representatives in Las Vegas, N.M., on Oct. 15, and have fielded inquiries from other patients based in six other states interested in joining the lawsuit, Slack & Davis attorney Paula Knippa said in an interview.

Brito and her family contend in the suit (PDF) that they were treated at Alta Vista Regional Hospital, Las Vegas, N.M., at the time the breach took place. “As a result of defendants’ failure to implement and follow basic security procedures, plaintiff’s sensitive information is now in the hand of thieves,” according to the suit. The suit does not ask for a specific dollar amount in damages, but instead calls on a jury to determine that at trial.

A CHS spokeswoman declined to comment on the lawsuit, per company policy on pending lawsuits. Opposing attorney Knippa expects a formal response to be filed to her complaint by the end of the month.

The breach was a massive one: 4.5 million patient records were exposed, making it the second largest in HHS’ records, which date to 1997.

According to a CHS SEC filing describing the breach, the hack likely originated from China and focused on valuable non-clinical, non-medical data, such as “patient names, addresses, birthdates, telephone numbers and Social Security numbers.”

Hackers struck in April and June 2014. CHS offered identity theft protections to affected individuals.

CHS’ SEC filing anticipates the possibility of litigation, but does not expect it to have a material effect on its finances.

The law firms also are starting a national campaign, primarily on television, to alert potentially affected individuals about the data breach and potentially recruit them as clients as well.

The focus of the existing suit will likely be on Community Health Systems’ security procedures and the operator’s alleged tardiness in alerting patients about the dangers of the data breach, Knippa said.

“It’s uncertain at what point that information will be exploited. The problem is that personal information doesn’t change. The repercussions of this event could be felt for years,” she said.

Maxxum’s New CTO Eyes Healthcare and Other Markets

August 4, 2014

Plans to expand the company’s Secure IT Asset Disposal expertise

Minneapolis, MN — October 3, 2013 — Maxxum, Inc., a regional leader in Secure IT Asset Disposal services, today announced that Ray Davey has joined the company as its Chief Technology Officer. Davey’s charter is to further develop the company’s product and service capabilities, define technology strategies, and provide technical oversight for company operations.

Rich Woodward, Maxxum’s CEO, explains, “Ray’s IT leadership experience and deep understanding of business strategy are great assets to the company. We’ve grown nicely over the past 16 years; with Ray’s focus on new product and service development, aimed at strategic vertical markets, we expect to increase our value to clients.”

Davey has spent more than 20 years with technology and professional services companies like Hewlett-Packard, EDS, Cap Gemini, ESP, and Lorton Data. During his recent tenure at Lorton Data, the company deployed a first-to-market cloud-based product suite that garnered industry recognition for technology innovation.

“Maxxum is the last link in a chain of custody for sensitive data such as Protected Health Information (PHI) and other equipment-bound proprietary material. The number of devices storing information using non-volatile technology is growing at an alarming rate,” states Davey. “Responsible entities must implement strategies to prevent unintentional data breaches when devices and equipment reach end-of-life. It’s my job to help Maxxum’s clients manage this risk by providing best-in-class secure data disposal services,” he continued.