“[I]n the continuum of the cybersecurity issues we look at, [healthcare security] is obviously critical as this is one that affects everyone.”
- Howard Schmidt, National Cybersecurity Coordinator for the White House, in his opening remarks launching the joint ISA-ANSI-Santa Fe Group Financial Risk publication focused on the Health Care Industry (March 2012).
ISA and ANSI launched their third joint publication in the highly successful and acclaimed Financial Management of Cyber Risk series, this one geared toward the healthcare industry, at a March 5, 2012 National Press Club Event opened by National Cyber Security Coordinator for President Obama, Howard Schmidt. The title of this publication is “The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security” and it is available for download. That same day, our outreach efforts continued at a standing-room-only Capitol Hill Briefing kicked off by Joy Pritts, Chief Privacy Officer for the U.S. Dept. of Health and Human Services’ division overseeing IT integration.
Successful in its own right, this publication builds upon the enterprise-wide risk management approach developed and promoted by ISA and included in its prior ISA-ANSI joint publications of Financial Risk Management: “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask” (2008) and “The Financial Management of Cyber Risk: An Implementation Framework for CFOs.” In this third publication, we describe the prevalence of protected health information breaches and the higher resale value of that information compared to other stolen information, and we provide a five-step formula (known as PHIve) to help estimate the financial impact of such a breach/theft.
In describing this formula, Mr. Schmidt stated that it “would help health care companies move more quickly to protect their patients’ electronic records by providing IT professionals a way to estimate the financial impact of a breach and to convince executives to invest in security infrastructure.” The press seems to agree: the publication has been featured in over 50 articles (and growing) in such publications as Bloomberg, the American Medical Association’s Newsletter, CIO Magazine, Computer World, etc.