With a data breach potentially costing millions in fines and lawsuits, it’s easy to get caught up in the financial losses when managing your Cyber security. However, reputation damage can be just as serious – have you considered this?
The financial hassles
Your practice has a Cyber breach. Your systems are down and you are unable to see patients or access and update their records. You spring into action to fix the issue and get your practice back up and running.
This obviously takes a lot of time and financial input. You will likely need to replace hardware and software and carry out a full IT security review. There is also the process of informing patients and the Information Commissioner’s Office (ICO) of a breach.
You could face fines of up to €20m or 4% of annual turnover under GDPR legislation. This could cripple any practice. On top of this, you could face a lawsuit if one or more patients decide to sue.
Drained of resources and money, could you get your practice back on track?
However, perhaps even more serious is the potential reputational damage.
You’ll likely be able to overcome the financial disruption, but will your reputation still be intact?
Imagine that your practice has a data breach and your patients’ sensitive information becomes publicly available. This will likely be personal data and medical records, but could also mean credit card details. That thought is horrendous enough. You will have to inform everyone on your database that their details have been stolen and they will have to come to terms with the possibility of having their identity stolen.
If that patient was you, what would your first thoughts be? Would you lose confidence in the ability of your medical or dental practice to safeguard your data? Would you believe that they are careless? And if they can’t be trusted to protect your sensitive details, then can they be trusted to look after your health?
The reputational risks
When a data breach at TalkTalk meant that 150,000 customers’ details were compromised in 2015, they were fined £400,000 by the ICO. However, the bad press led to a fall in confidence and the company lost 95,000 customers, which cost £60m – significantly higher than the fine!
If you are unprepared to react to a data breach and handle it badly, or if a patient is particularly disgruntled, you run the risk of being unable to contain the media storm. A patient or family member may share their views on social media or, worse, with the press. Local Facebook groups, for example, can have a lot of power in shaping views as people often take personal experiences into account when looking for recommendations.
Sometimes repercussions can be wider than you imagine. It could be another practice that is actually affected, but the breach puts a spotlight on the whole dental and medical industry. Charities, for example, have come under fire for poor data management and fundraising practices. Clearly not all charities are following bad processes, but it means that donors are less willing to give up personal information across the board.
What can you do to protect your practice?
You need a solution that helps you to manage your financial losses and reputational risks. The best strategy is to avoid a Cyber breach altogether. However, in the unfortunate event that your systems are hacked, you need experts on your side.
Invest in a Cyber Liability insurance policy. You can get advice on how to mitigate the risks of Cyber attacks, staff training, and financial and legal support during a claim. You can also get help with PR and crisis management in order to protect your practice’s reputation and avoid future damage.