
Data Breach Costs Keep Rising

Data breaches in healthcare are more expensive than in any other industry.

The average cost of a healthcare data breach is $11 million, more than twice the average of all sectors combined, according to the latest report from Ponemon Institute and IBM Security, the Cost of a Data Breach Report 2023. This is the highest average cost of any industry for the 13th consecutive year. According to the report, these high costs are related to healthcare’s high levels of regulation, its status as critical infrastructure, and the increases in breaches since the beginning of the COVID-19 pandemic.

  • The average cost of a data breach across sectors reached an all-time high in 2023 of $4.45 million. This represents a 2.3% increase from the 2022 cost of $4.35 million. Since 2020, the average cost has increased 15.3% from $3.86 million.
  • Since 2020, healthcare data breach costs have increased 53.3%.

The researchers looked at data from over 553 breaches in 16 different countries over a 12-month period from March 2022 through March 2023.

Some highlights:

  • Ransomware is still a major cause of breaches. Nearly a quarter of all cyberattacks in the study involved ransomware and they cost organizations $5.13 million on average. Involving law enforcement early is a key factor in helping lower ransomware costs.
  • Eighty-two percent of the breaches studied involved data stored in the cloud. Attackers often gained access to multiple environments, with 39% of breaches spanning multiple environments and incurring a higher-than-average cost of $4.75 million.
  • Costs of data breaches are higher in the U.S. than any other country or region in the study, with the average total cost at $9.48 million.
  • Phishing and stolen or compromised credentials were the two most common initial attack vectors, responsible for 16% and 15% of breaches, respectively.
  • The earlier a breach is detected, the less it will cost.
  • Software supply chains and third-party vendors – HIPAA Business Associates – continue to bring breach risks.
  • Insider threats continue to be a factor.

Prevent and Reduce Data Breach Costs

The easiest way to strengthen cybersecurity and reduce data breach costs is to follow HIPAA. Make sure your policies and procedures are up-to-date. Use the Security Rule Checklist, conduct an annual HIPAA Risk Analysis and provide workforce cybersecurity training to prevent a breach, or help you respond in case one happens.

Be sure to conduct due diligence with all third-party vendors and business associates.

Two excellent cybersecurity guides are:

  • CISA Insights (Cybersecurity & Infrastructure Security Agency) on cybersecurity measures.
  • StopRansomware.gov, a centralized government webpage providing ransomware resources and alerts.

If you need help today, or if you have questions, let us know. We’ve done the research and we have the resources. Complete, affordable and up-to-date HIPAA compliance is easy to use and ready to go.


Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.
