LexisNexis Business Solutions
Most risk management professionals know the adage, “An ounce of prevention is worth a pound of cure.” But in the digital age, you need more than an ounce of prevention when it comes to mitigating regulatory and reputational risk. It’s a lesson learned the hard way by one of the largest health insurers in the country when it discovered that personal data on nearly 79 million people was exposed through a cyberattack. Last fall, the company paid $16 million for non-compliance with HIPAA security rules after an investigation found that the insurer lacked an enterprise-wide risk analysis process and failed to identify and quickly respond to suspected or known security breaches.
Regulatory fines only part of the cost of failed risk management
The $16 million penalty was just a drop in the proverbial bucket, however. Just a year before, the company settled litigation over the hacking incident—which occurred in 2014—for a whopping $115 million, which will be used to pay for two years of credit monitoring for all those who had data exposed in the breach.
Beyond regulatory fines and class-action lawsuits, companies must consider hard-to-calculate costs like reputational damage and loss of trust, as well as business distraction. It’s hard to be forward-thinking and strategic when you’re looking over your shoulder all the time.
Unfortunately, hackers are just increasing the frequency and ferocity of attacks. What’s more, according to research by the Ponemon Institute, nearly 90 percent of healthcare organizations had a data breach in the past two years and 45 percent had five or more breaches. In fact, estimates based on the Ponemon study put the cost of data breaches at $6 billion.
Moreover, healthcare-related organizations—from hospitals to pharmaceutical and bio-med manufacturers—face risk exposure from more than data breaches.
Complex supply chains increase risk exposure—from bad actions by the third parties they rely on to disruption due to environmental disasters. Take Hurricane Maria, which hit Puerto Rico in 2017. Puerto Rico happens to be the fifth-largest territory in the world for pharma manufacturing, producing about half of the world’s top-selling patented drugs.
The country is also a major source for IV bags that hold saline solution. Months later, hospitals across the U.S. were still struggling to bring in adequate supplies, particularly because of the severe flu season that hit on the heels of the hurricane.
At the time, CBS News reported, “Days of interruption and damage to manufacturing plants are affecting international supply chains for products such as cancer and HIV treatments, immunosuppressants for patients with organ transplants, and small-volume bags of saline, which are necessary for patients who need intravenous solutions.”
As a result, some hospitals postponed elective surgeries—an area that is typically a profit center—to conserve their short IV bag supplies for critical care.
Taking a more proactive approach to risk management
Organizations across many industries face increased risk—evolving regulations, global supply chains, viral news and more. Keeping on a healthy trajectory demands a more robust approach to risk management.
Risk is inevitable, but companies that respond quickly and transparently are better positioned to control the situation. How confident are you in your current process?
3 Steps to Take Now