Healthcare Data Breach Costs Through the Roof

Healthcare data breach costs are higher than in any other industry, according to a recent study by Ponemon Institute and IBM. According to the report, published July 28, the average cost of a data breach incident (among the surveyed companies) is $4.24 million, the highest it has been since the annual study began 17 years ago. Healthcare costs were more than twice as high. According to the report,

“Healthcare breaches cost the most by far, at $9.23 million per incident – a $2 million increase over the previous year.”

The study analyzed real-world data breaches experienced by over 500 organizations. The findings suggest that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% (among all companies) compared to the prior year. A similar study came out in March with similar findings. The 2021 Breach Barometer by Protenus looked at healthcare data breaches in 2020 compared to 2019.

This year’s IBM report emphasizes four recent trends among the companies studied:

  • Working from home: The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 million vs. $3.89 million).
  • Soaring costs of healthcare breaches: Industries that undertook significant operational changes during the pandemic (healthcare, retail, hospitality, and consumer manufacturing/distribution) experienced a substantial increase in data breach costs year over year, with healthcare leading all of them at $9.23 million per incident – a $2 million increase over the previous year.
  • Compromised credentials were the most common point of entry: Stolen user credentials were the most common cause of breaches. The most common type of information exposed was customer personal data (such as name, email, password), with 44% of breaches including this type of data. “The combination of these factors could cause a spiral effect, with breaches of username/passwords providing attackers with leverage for additional future data breaches.”
  • Modernize to reduce costs: The companies that had adopted more modern techniques like AI, security analytics, and encryption reduced the cost of breaches, saving between $1.25 million and $1.49 million compared to those who did not use these tools.

Follow HIPAA for Improved Security

Although cybersecurity risks are increasing, there are key steps you can take to reduce risks and lower costs. Prevention is key. An annual HIPAA Risk Analysis will identify gaps and give you a roadmap for Risk Management.

Everything you need for HIPAA compliance and answers for all your questions are available at The HIPAA E-Tool®.

You can download the full Ponemon/IBM report here: The 2021 Cost of a Data Breach Report

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC, she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up-to-date policies, forms and training on everything related to HIPAA compliance.
