HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

IBM reports healthcare data breach costs hit record high $9.77 million

Written by Caitlin Anthoney | Aug 1, 2024 5:51:49 PM

The healthcare sector is bearing the brunt of rising data breach costs, with the average incident now costing $9.77 million, according to IBM’s latest cybersecurity report. 

 

What happened

IBM, in collaboration with the Ponemon Institute, studied 604 organizations affected by data breaches between March 2023 and February 2024. The breaches impacted industries across 16 countries, with leaked records ranging from 2,100 to 113,000. The average global cost of a data breach increased to $4.88 million, the largest increase since the start of the pandemic. 

The study also revealed that more than half of the organizations passed these costs on to customers through increased prices for goods and services.

Moreover, healthcare breaches had the highest average cost at $9.77 million, continuing a trend since 2011.

 

Going deeper

The IBM report reveals that organizations experienced a 26% increase in severe staffing shortages compared to the previous year, leading to an average increase of $1.76 million in breach costs. 

In addition, organizations that used AI and automation in their security operations had the largest cost savings, reducing breach expenses by an average of $2.2 million.

Overall, cybersecurity incidents averaged over $5 million and took 283 days to identify and contain.

 

What was said

“Businesses are caught in a continuous cycle of breaches, containment, and fallout response,” said Kevin Skapinetz, Vice President at IBM Security.

He further stated, “As generative AI rapidly permeates businesses, expanding the attack surface, these expenses will soon become unsustainable, compelling businesses to reassess security measures and response strategies. To get ahead, businesses should invest in new AI-driven defenses and develop the skills needed to address the emerging risks and opportunities presented by generative AI.”

 

By the numbers

  • Global average breach cost is $4.88 million.
  • Healthcare average breach cost is $9.77 million.
  • Lost business and post-breach activities cost $2.8 million (highest in 6 years).
  • 45% of breaches involve customer data (including protected health information).
  • 66% of organizations involve law enforcement in ransomware attacks.

 

Why it matters

The increasing cost of data breaches extends beyond the immediate victims, as these costs are passed on to consumers.

More specifically, in the healthcare sector, where the financial impact is the greatest, these costs will influence pricing and patient trust.

 

The bottom line

As data breaches grow more costly, particularly in healthcare, organizations must improve their cybersecurity and consider the long-term implications of breaches on their finances and customer relationships. 

Ultimately, strengthening defenses and involving law enforcement in incidents can reduce costs and improve response times, protecting organizations and their consumers.

 

FAQs

What is the average cost of a healthcare data breach?

The average cost of a data breach in the healthcare sector is $9.77 million.

 

How long does it take to identify and contain a breach?

It takes an average of 283 days to identify and contain a breach involving multiple data environments.

 

What type of data is usually compromised in breaches?

Customer personal data, such as tax identification numbers, emails, and addresses, is involved in more than 45% of breaches.

In healthcare, it often includes protected health information (PHI), which is subject to the Health Insurance Portability and Accountability Act (HIPAA). PHI breaches expose patients to identity theft and financial fraud and undermine trust in healthcare providers. 

Furthermore, HIPAA violations can lead to legal penalties and reputational damage for healthcare organizations.
