Healthcare data breach costs are higher than those in any other industry, according to a recent study by Ponemon Institute and IBM. The report, published July 28, puts the average cost of a data breach incident (among the surveyed companies) at $4.24 million, the highest it has been since the annual study began 17 years ago. Healthcare costs were more than twice as high. According to the report,
“Healthcare breaches cost the most by far, at $9.23 million per incident – a $2 million increase over the previous year.”
The study analyzed real-world data breaches experienced by over 500 organizations. The findings suggest that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% (among all companies) compared to the prior year. A similar study came out in March with similar findings. The 2021 Breach Barometer by Protenus and databreaches.net looked at healthcare data breaches in 2020 compared to 2019.
This year’s IBM report emphasizes four recent trends among the companies studied:
- Working from home: The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 million vs. $3.89 million).
- Soaring costs of healthcare breaches: Industries that undertook significant operational changes during the pandemic (healthcare, retail, hospitality, and consumer manufacturing/distribution) experienced a substantial increase in data breach costs year over year, with healthcare leading all of them at $9.23 million per incident, a $2 million increase over the previous year.
- Compromised credentials were the most common point of entry: Stolen user credentials were the most common cause of breaches. The most common type of information exposed was customer personal data (such as name, email, password), with 44% of breaches including this type of data. “The combination of these factors could cause a spiral effect, with breaches of username/passwords providing attackers with leverage for additional future data breaches.”
- Modernize to reduce costs: The companies that had adopted more modern techniques like AI, security analytics, and encryption reduced the cost of breaches, saving between $1.25 million and $1.49 million compared to those who did not use these tools.
Follow HIPAA for Improved Security
Although cybersecurity risks are increasing, there are key steps you can take to reduce risks and lower costs. Prevention is key. An annual HIPAA Risk Analysis will identify gaps and give you a roadmap for Risk Management.
Everything you need for HIPAA compliance and answers for all your questions are available at The HIPAA E-Tool®.
You can download the full Ponemon/IBM report here: The 2021 Cost of a Data Breach Report.