Dive Brief:
- Healthcare remains the most expensive industry for responding to and recovering from data breaches, a rank the sector has held since 2011, according to a report by IBM and the Ponemon Institute.
- The average cost for a breach in the industry this year was $9.8 million, a decline from 2023 when the price tag reached $10.9 million.
- Still, expenses from healthcare data breaches far outstrip other sectors. Finance, the second costliest industry for data breaches, reported an average cost of $6.1 million.
Dive Insight:
The latest report from IBM and Ponemon found data breach costs across industries increased 10% this year, reaching an average of $4.9 million. Expenses from business disruptions and customer support and remediation drove the increase, according to the report, and more than half of organizations said they were passing costs onto their customers.
The spike, the largest since the COVID-19 pandemic, comes even as cybersecurity teams leverage automation and artificial intelligence to identify and contain breaches. Organizations utilizing AI lowered the damages from a data breach by an average of $2.2 million, IBM found.
In healthcare, cybersecurity has become a growing challenge as the industry manages more sizable data breaches that could expose sensitive health information. Breaches are also increasingly linked to hacking or ransomware, a type of malware that denies users access to their data until a ransom is paid, according to the HHS’ Office for Civil Rights.
The sector has already seen major attacks and breaches this year. The cyberattack on technology firm Change Healthcare held up key tasks like payments to providers, eligibility checks, prior authorization requests and prescription fulfillment.
That incident could represent a huge data breach, affecting a third of people in the U.S., according to an estimate by parent company UnitedHealth Group in May. Responding to the attack could cost at least $2.3 billion this year, executives said on a second-quarter earnings call in July.
Disruptions to patient care make the healthcare sector a prime target for cybercriminals, according to the IBM report.
Some attacks shut off access to critical technologies, like electronic health records, and force hospitals to delay procedures or divert ambulances. Some providers take weeks to fully recover.
The fallout from ransomware attacks can affect nearby hospitals too, according to a study published this spring in JAMA. Neighboring facilities saw elevated emergency department visits, while attacked hospitals experienced decreases in both emergency visits and inpatient admissions for weeks after an attack.