Healthcare executives who wait until they have a serious incident to hire a cybersecurity team have already failed on many levels. A serious reportable breach will likely cost an organization more in real dollars than any mythical savings claimed through prior cost avoidance.
The reasons vary, but generally speaking, large breaches will cost organizations more to mitigate the damages and safeguard compromised patient data than it would to have appropriately protect their organization in the first place. These breaches also put the security and compliance gaps in clear focus for the Board and external interested parties (e.g., regulators). The resulting mandates force organizations to address the gaps quickly, resulting in unrealistic schedules and inefficient actions.
Click here to read the full article.