CommonSpirit, the merged company of CHI Health and Dignity Health, previously suffered a ransomware data breach in 2022 that affected 623,774 patients. Maybe it's unfair for us to post about their latest quarterly report, which reportedly details $160M in related business losses. After all, CommonSpirit is one of the largest U.S. nonprofit healthcare systems, and we read that average breach costs are probably closer to $10M. But HIPAA-compelled entities come in all sizes, and it's rare for us to read anything that shows the actual cost of a HIPAA-related data breach.
So what's the takeaway from this post? As consultants working in the space, we recommend our clients understand their insurance limitations, their protected health information exposure, and their risks. We cannot help but believe that it's less expensive to ensure a program that is compliant, secure and risk-aware than it is to pay out millions and suffer increased insurance premiums for years.
Stay (HIPAA) safe, Alan -