Data breaches in healthcare are more expensive than in any other industry.
The average cost of a healthcare data breach is $11 million, more than twice the average of all sectors combined, according to the latest report from Ponemon Institute and IBM Security, the Cost of a Data Breach Report 2023. This is the highest average cost of any industry for the 13th consecutive year. According to the report, these high costs are related to healthcare’s high levels of regulation, its status as critical infrastructure, and the increases in breaches since the beginning of the COVID-19 pandemic.
- The average cost of a data breach across sectors reached an all-time high in 2023 of $4.45 million. This represents a 2.3% increase from the 2022 cost of $4.35 million. Since 2020, the average cost has increased 15.3% from $3.86 million.
- Since 2020, healthcare data breach costs have increased 53.3%.
The researchers looked at data from over 553 breaches in 16 different countries over a 12-month period from March 2022 through March 2023.
Some highlights:
- Ransomware is still a major cause of breaches. Nearly a quarter of all cyberattacks in the study involved ransomware, and these attacks cost organizations $5.13 million on average. Involving law enforcement early is a key factor in helping lower ransomware costs.
- Eighty-two percent of the breaches studied involved data stored in the cloud. Attackers often gained access to multiple environments, with 39% of breaches spanning multiple environments and incurring a higher-than-average cost of $4.75 million.
- Costs of data breaches are higher in the U.S. than any other country or region in the study, with the average total cost at $9.48 million.
- Phishing and stolen or compromised credentials were the two most common initial attack vectors, responsible for 16% and 15% of breaches, respectively.
- The earlier a breach is detected, the less it will cost.
- Software supply chains and third-party vendors – HIPAA Business Associates – continue to bring breach risks.
- Insider threats continue to be a factor.
Prevent and Reduce Data Breach Costs
The easiest way to strengthen cybersecurity and reduce data breach costs is to follow HIPAA. Make sure your policies and procedures are up to date. Use the Security Rule Checklist, conduct an annual HIPAA Risk Analysis and provide workforce cybersecurity training to prevent a breach, or help you respond in case one happens.
Be sure to conduct due diligence with all third-party vendors and business associates.
Two excellent cybersecurity guides are:
- CISA Insights (Cybersecurity & Infrastructure Security Agency) on cybersecurity measures.
- StopRansomware.gov, a centralized government webpage providing ransomware resources and alerts.
If you need help today, or if you have questions, let us know. We’ve done the research and we have the resources. Complete, affordable and up-to-date HIPAA compliance is easy to use and ready to go.