As HIPAA covered entities, dentists must maintain robust data protection practices.
The legislation imposes a legal duty on dental practices to store patients’ health information securely, ensuring the information is not revealed accidentally and that no one gains unauthorized access to it via cyberattacks.
Fines for HIPAA violations are huge.
Penalties range from $100 to $50,000 per individual violation, with a maximum penalty of $1.5 million per calendar year. So far in 2020, the OCR has collected a total of $13.3 million in penalties, putting the average fine for this year at over $1.1 million.
Put simply, the HIPAA penalties alone from a data breach at a dental practice can be ruinous for the business.
The total cost of a data breach, however – once lost business, downtime, response efforts and notification activities have been factored in – averages even higher ($3.92 million across all industries, $7.13 million in the healthcare industry), according to IBM Security’s Cost of a Data Breach 2020 report.
Employees – The Root Cause of the Majority of Data Breaches
According to a separate study by Kaspersky Lab, 52% of businesses say it is their own employees that are their biggest weakness in cybersecurity.
Various other studies put the figure even higher, with human error accounting for as much as 90% of data breaches according to some.
A report from Kroll found that human error accounted for 88% of security incidents, while a recent Ponemon Institute study found that the number of cybersecurity incidents caused by employees has increased by 47% since 2018.
Results vary from survey to survey, but the overall trend is clear – the problem is getting worse, not better.
In the majority of cases, it is not intentional action that is to blame – rather a lack of education, training and due diligence.
The most common human mistakes include clicking on malicious links in phishing emails, opening unknown attachments and unwittingly sharing confidential information with bad actors posing as legitimate bodies.
These errors are driven by social engineering – a technique used by cybercriminals to deceive and manipulate individuals into divulging protected information for fraudulent purposes.
The fact of the matter is that your employees are your first line of defense when it comes to data protection.
They are your primary data protection agents – which is precisely why regular and ongoing security training needs to be baked into your operations to ensure optimal cybersecurity at all times.
The ROI of Cybersecurity Training
Training your employees to become adept data protection agents will of course incur a cost. However, once you consider the potentially monumental costs of a data breach, it’s clear that ongoing cybersecurity training is an investment, not a money pit.
But what is the ROI of cybersecurity training?
Of course, this type of training doesn’t generate revenue in and of itself – instead, as Infosec highlights, financial gain is measured as the dollar value saved as a result of reduced cyber risk.
There are other potentially profitable business benefits, too – such as gaining trust and recognition amongst patients as being cybersecure.
Cybint provides a simplified equation you can use to work out the ROI of cybersecurity training.
Infosec’s report reveals that data protection training works.
Citing figures from Osterman Research, employees who receive cybersecurity training – including password security, mobile security, removable media security, remote working, social engineering and simulated phishing training – are significantly better at recognizing security threats than those who have not received training.
In terms of ROI, Infosec calculates that security awareness training (SAT) produces a significant return on investment for both large (562%) and small (69%) organizations – and provides a security awareness training ROI calculator that you can use to measure your own organization’s return.
HIPAA Compliant Data Protection from Central Data Storage
Your data protection agents – a.k.a. your employees – are your first line of defense in keeping your practice and patient data safe.
At Central Data Storage, we don’t just offer HIPAA compliant backup and recovery solutions for healthcare organizations, but full, round-the-clock service, data storage support and guidance on best practices for data protection and HIPAA compliance.
We help our clients develop policies, procedures, disaster recovery plans and cybersecurity training programs to ensure their whole business is protected, while our beyond-military-grade cloud storage and file sharing solutions keep your protected health information safe and secure no matter what.
Talk to us at Central Data Storage to find out more about our HIPAA compliant data protection solutions for dental practitioners. Call 1-888-907-1227 or email info@centraldatastorage.com.
