Banner

Article

Average health care data breach costs almost $11 million

Author(s):

Todd Shryock

Health care continues to lead all sectors with the most expensive data breaches

The average cost of a health care data breach is now $10.93 million, an 8% increase from a year ago, when the average cost topped $10 million for the first time, according to IBM’s Cost of a Data Breach Report.

Cybersecurity: ©Adam121 - stock.adobe.com

Cybersecurity: ©Adam121 - stock.adobe.com

The health care sector continues to be a prime target for hackers, leading all other industries for the 13th consecutive year when it comes to expensive data breaches. The average cost of a data breach across all industries is $4.45 million, less than half of what the average health care breach costs.

“We're seeing a very big increase for health care organizations, probably because they're really in the crosshairs of attackers. And there is no relenting so far,” said Limor Kessem, a senior cybersecurity consultant for IBM Security, in a statement.

Despite being targeted, many health care organizations are not as sophisticated in their cybersecurity defenses because health systems have had trouble attracting top cybersecurity talent because they don’t pay as well as other industries.

“Security folks are going to work for places where they could get the bigger paycheck, and it's not always going to be a health care organization,” Kessem said. “It's a tough industry to get very skilled staff.”

Experts say that health care will continue to be a top target for hackers

“Health care will always be an attractive target for threat actors because of the valuable data they collect and store,” said Emily Phelphs, director, Cyware, in a statement. “Adversaries don't only outnumber available cybersecurity pros; they collaborate effectively too. To mitigate the risks, health care organizations should leverage automation tools that enable lean security teams to efficiently address threats, they should ensure they invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics such as phishing attacks, and they should consider partnering with security providers that can act as an extension of their teams, gaining expertise that is more difficult to resource and retain internally.”

Stephen Gates, principal security SME, Horizon3.ai, says health care organizations need to do more to protect themselves.

“The health care industry is being impacted by an enormous threat landscape with vast numbers of threat actors who are looking to breach organizations' networks, steal their data, hold them for ransom, and potentially destroy their businesses,” said Gates in a statement. “The defensive technologies they have in place are proving to be insufficient in blocking today's attacks. Continuously assessing your network attack surface, finding your weaknesses, remediating them immediately, and verifying that your remediations worked is the best way organizations can stay ahead of attackers.”

Related Videos
Dermasensor
Kyle Zebley headshot
Kyle Zebley headshot
Kyle Zebley headshot
Michael J. Barry, MD
Related Content
© Studio Romantic - stock.adobe.com
November 22nd 2024

Are telehealth visits for pediatric primary care associated with higher rates of health care utilization?

Is too much regulation stifling health care innovation?
October 10th 2023

Is too much regulation stifling health care innovation?

© Nuttapong punna - stock.adobe.com
November 18th 2024

Analysis of AI cognitive threshold identifies cost-efficient strategy for health care implementation

Artificial Intelligence in medicine: what it means for primary care
October 17th 2022

Artificial Intelligence in medicine: what it means for primary care

Can ChatGPT be useful for physicians?: ©Rokas - stock.adobe.com
November 15th 2024

Can Chat GPT Plus prove its overall effectiveness in health care settings?

Ransomware on the rise: ©Vchalup - stock.adobe.com
November 15th 2024

Ransomware surge highlights critical cybersecurity gaps in health care