A 2013 settlement between a managed care company and the U.S. Department of Health and Human Services’ Office for Civil Rights resulted in the company paying $1.7 million over allegations it didn’t have proper protections in place to stop the improper disclosure of more than 600,000 individuals’ personal information.
Fast-forward a year and the same office settled a similar case with two New York hospitals at which nearly 7,000 patients’ information was compromised. The settlement figure: $4.8 million.
The takeaway: The cost of cybersecurity is increasing exponentially as is government enforcement, attempted breaches, the sophistication of the breaches and the lawsuits that follow a breach, attorneys who practice in this area say.
Scott S. Christie, a partner in McCarter & English’s cybersecurity and data privacy practice, said that if companies haven’t taken data security seriously yet, “now is the time…There’s going to be very little sympathy for you given everything that’s happened.”