An Idaho data breach incident has set a potentially expensive precedent for small businesses that store customer data. Here’s what happened: someone stole a laptop that belonged to the nonprofit organization Hospice of North Idaho. On that laptop was sensitive information for 441 patients. Sources note that the thief was caught but the laptop was not recovered.
Unfortunately, the data on the machine was unencrypted, meaning it was immediately accessible and usable to anyone in possession of the laptop.
The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to use encryption strategies to protect data, which means that Hospice of North Idaho was in violation of the law. The startling part? The U.S. Department of Health and Human Services slapped a $50,000 fine on the hospice.
Analysts seem to think the fine is intended to make a point: securing personal data is a top priority, and government regulators are ready and willing to enforce it – even when that means making an example of a nonprofit whose staff is one-third volunteers.
Why Small Businesses Are Juicy Data Breach Targets
A 2011 study by Javelin Strategy & Research found that entrepreneurs and small-business owners are 50 percent more likely to be victimized by data theft than consumers because they…
- Often have a wealth of consumer data stored without the formal, rigorous protections larger companies have in place.
- Tend to carry out a variety of business operations from one or two machines, making theft or hacking incidents more valuable.
- Frequently share passwords and other important security information with their team members, providing multiple access points.
The study found that the amount of money stolen from small businesses is only about five percent higher than that stolen from individuals, but this is a paltry silver lining. The cash amount a business loses from a data breach can pale in comparison to the cost of lost customer trust and, as the Idaho case shows, the cost of regulatory fines.
Avoid the High Cost of Data Breaches
Purchasing cyber liability insurance is a valuable component of protecting your business, but there is another part of the equation: prevention. To prevent regulatory fines from significantly increasing the potential toll a data breach can take on your company, be sure that you’re in compliance with all state and federal laws regarding information storage.
This might mean talking with an attorney or an insurance rep familiar with matters of cyber crime regulation, but any time or money you spend on the conversation could save you thousands of dollars and lots of headaches down the road.
Written by Brenna Lemieux - check her out at Google+ or Twitter