Data breaches are happening on a frequent basis. You can’t read the news or watch TV without hearing about another data breach. While a company may give out some details of a data breach, the financial details of what the data breach will cost a company usually are not disclosed. This is especially true with non-public companies. Regardless of whether a company states how much the breach will cost them, one thing is true:
Breaches are expensive!
The data breach at Athens Orthopedic is a clear example of some of the costs that are associated with data breaches. The details of the data breach, which affected nearly 200,000 patients, can be found here.
A company usually offers credit monitoring to affected individuals of a data breach. They do this to minimize the harm to those individuals. In a surprising announcement, Athens Orthopedic said that they would not offer credit monitoring because the costs were too expensive.
Many patients are upset and frustrated with the situation …,” Kayo Elliott, CEO of Athens Orthopedic Clinic, said in the statement. “And of course, they wish we could pay for extended credit monitoring. So do we. We truly regret that we are unable to do so, as we are not able spend the many millions of dollars it would cost us to pay for credit monitoring for nearly 200,000 patients and keep Athens Orthopedic as a viable business. I recognize and am truly sorry for the position this puts our patients in.”
It seems that the cost of credit monitoring would impact the business and potentially put them out of business.
While it is fine to issue a statement and for the CEO to say he is sorry, if you are one of the affected patients I suspect you are not very happy to hear this. Will affected patients leave the practice? Will new patients avoid using the practice? The lost revenue of both are hidden financial costs of a data breach.
As stated before, breaches are expensive! It is much cheaper to prevent breaches and to purchase cyber insurance that will help with the cost of data breaches. Unfortunately this message falls on a lot of deaf ears. Many businesses don’t believe that they will be a victim and don’t take steps to avoid and prepare for data breaches. Like Athens Orthopedic, they learn the lesson the hard way.