Whether you are one of the most feared and powerful government agencies or a well-known health industry provider, data breaches have become as much a serious economic issue as a liability. This week in the news we saw both the IRS and CareFirst (the largest healthcare provider in the Mid-Atlantic) take serious data security hits, with hackers accessing more than 100,000 taxpayers’ files and the personal information of more than 1.1 million patients. Both organizations will face tremendous financial costs to rectify the breaches and to assure the public that their information is safe.
On Tuesday, the Internal Revenue Service (IRS) announced that hackers gained unauthorized access to the agency’s online service called “Get Transcript,” compromising 100,000 taxpayers’ files. The attackers got past a security screen that requires knowledge about the individual, including their Social Security number, date of birth, tax filing status and street address, the IRS reported. “We’re confident that these are not amateurs, that these actually are organized crime syndicates,” IRS Commissioner John Koskinen said. Security industry experts say this incident highlights that the internet is a database of personal information and that one data breach can easily build on another.
CareFirst BlueCross BlueShield, a nonprofit organization that provides service for residents in Maryland, Washington and Virginia, announced last week that hackers gained access to the personal information of more than 1.1 million customers. According to an article in TIME Magazine, this incident will make CareFirst the third Blue Cross and Blue Shield insurer targeted in recent years. The company’s CEO, Chet Burrell, commented on the situation: “We deeply regret the concern this attack may cause,” he told TIME Magazine. “We are making sure those affected understand the extent of the attack—and what information was and was not affected.”
The average cost of a data breach is $3.8 million, an increase from a reported $3.5 million a year ago, according to the Ponemon Group’s 2015 Cost of a Data Breach Study: Global Analysis, released this week. The report found that the cost of breaches varies across industries and by geographic location. The healthcare and education sectors have suffered the highest breach costs, and Germany and the United States were reported as the countries where breaches cost victim organizations the most. Data breaches in Brazil and India cost the least, according to the study. The report also found that it takes an organization an average of “256 days to spot a data breach caused by a malicious attack, and 158 days to catch one caused by human error.”