Cost of non-compliance: 8 largest data breach fines and penalties


Various regulations and laws impose fines and penalties on organizations that suffer data breaches, on the grounds that the organization did not take the privacy of its data seriously. The authorities take this responsibility very seriously and will not hesitate to levy fines and penalties that sometimes run into the hundreds of millions of dollars, if not more.

This article details the eight largest data breach fines and penalties, presenting the most up-to-date list ordered from smallest to largest.

Cost of non-compliance in healthcare

The cost of non-compliance for a data breach varies from industry to industry. Before we start our countdown, it should be noted that data breaches in healthcare are the costliest per breach. This is due to the strict regulations in the Health Insurance Portability and Accountability Act, or HIPAA. This particular regulation mandates high fines for a breach, to the tune of $429 per record.

The top 8 breaches

8. The University of Texas MD Anderson Cancer Center

The University of Texas MD Anderson Cancer Center was penalized for three separate data breaches that occurred between 2012 and 2013. These breaches caused the loss of personal health information, or PHI, of over 33,500 patients at the cancer center. All three incidents involved the loss of information due to a lack of encryption, which HIPAA mandates. For these HIPAA violations, the cancer center was hit with a $4.3 million fine.

7. Google

This represents one of the largest EU GDPR regulatory fines to date, and it ended up costing Google the equivalent of $43 million when all was said and done. In January 2019, France’s National Commission on Informatics and Liberty (CNIL) slapped the company with this hefty fine for violating (Read more…)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: