As a cannabis business owner you may ask yourself why data security is important and what’s the real risk? The reason data security is so important is directly tied to the risk of associated with a data breach, which is money. A data breach for even a cannabis company can have costly financial consequences. Data security is all about financial loss. Data is an asset that must be protected. Loss of clients/customers private information can lead to fines, lost sales, judgement, damages or more. Often the financial impact is not always immediately known depending on how soon the breach is discovered if it wasn’t prevented.
For cannabis related businesses a data breach could have an even greater impact if a the business is considered a health care provider. If you are a cannabis dispensary or testing lab in a state where marijuana is only legal for medicinal use, those businesses may be under greater scrutiny and subject to greater regulations when it comes to a data breach. These business will have personal information such as home addresses and phone numbers, but also medical information. Patients’ medical history could be used to blackmail them if they don’t want their medical history publicized, making the information specifically valuable. Specific provisions of the HIPAA Act protect health care information from fraud and abuse, and when violated carry heavy penalties.
Providers continue to struggle with cyber-security, and phishing expeditions are a frequent culprit. They can result in a painful hit to a company’s bottom line and negative publicity exacerbated by lawsuits. Healthcare organizations spend more than $400 per record lost or stolen after a data breach, the highest of any industry reviewed in a recent analysis by IBM Security.
A study by Accenture and the American Medical Association found four out of five doctors have experienced a cybersecurity attack. The majority involved phishing, followed by computer viruses.
In a Mimecast and HIMSS Analytics survey, providers ranked email the No. 1 source of potential data breaches. More than 90% of respondents said email was critical to their organization, and eight in 10 said they use it to send personal health information, typically to other providers.
Financial loss and regulatory concerns are key factors to protect against a data breach, there is also the issue of loss productivity. Employees will in most instances be required to deal with customer issues and concerns once the breach is made public. Data loss can also result in certain programs and applications not working properly or not working at all. Certain security features may be disabled and require specialists to update and re-secure the network. The reality is even the best data security systems are vulnerable. While it is very important to have a strong data security system in place, S2S Insurance strongly suggests maintaining a data breach insurance policy to mitigate the risk. Data breach insurance protects business owners from legal liability resulting from this type of breach, whether the information is leaked electronically or by some other means such as a paper file. It is important to remember that policy limits do apply and to review your policy with a trained S2S Insurance agent and an attorney. Do not let hackers cost you hundreds of dollars per file due to not being prepared. Have a strong data security system in place and have the peace of mind with a data breach insurance policy.