According a study performed by The Ponemon institute, which is also quoted by the Department of Health and Human Services in the Interim Final Ruling on Breach Notification, the total cost of a data breach is an average of $202 per record (of which an $152 pertains to indirect cost including abnormal turnover or churn of existing and future customers).  A breach of just 499 records could cost $100,798 over the long term. The same report states that health care and financial services are the two industries experiencing the highest average rate of churn. It should be noted that, according to the same study, lost or stolen laptops/mobile devices account for 35% of all data breaches.

..

Laptop and mobile device encryption technology is readily available.  Implementing encryption in other vulnerable areas such as file shares, removable storage, and even e-mail greatly reduces the potential for invoking your breach notification plan. By reducing the availability of unsecured protected health information (PHI) in your IT systems you can greatly reduce the chances of having to notify individuals in case of a breach.