• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Average health care data breach costs almost $11 million


Health care continues to lead all sectors with the most expensive data breaches

The average cost of a health care data breach is now $10.93 million, an 8% increase from a year ago, when the average cost topped $10 million for the first time, according to IBM’s Cost of a Data Breach Report.

Cybersecurity: ©Adam121 - stock.adobe.com

Cybersecurity: ©Adam121 - stock.adobe.com

The health care sector continues to be a prime target for hackers, leading all other industries for the 13th consecutive year when it comes to expensive data breaches. The average cost of a data breach across all industries is $4.45 million, less than half of what the average health care breach costs.

“We're seeing a very big increase for health care organizations, probably because they're really in the crosshairs of attackers. And there is no relenting so far,” said Limor Kessem, a senior cybersecurity consultant for IBM Security, in a statement.

Despite being targeted, many health care organizations are not as sophisticated in their cybersecurity defenses because health systems have had trouble attracting top cybersecurity talent because they don’t pay as well as other industries.

“Security folks are going to work for places where they could get the bigger paycheck, and it's not always going to be a health care organization,” Kessem said. “It's a tough industry to get very skilled staff.”

Experts say that health care will continue to be a top target for hackers

“Health care will always be an attractive target for threat actors because of the valuable data they collect and store,” said Emily Phelphs, director, Cyware, in a statement. “Adversaries don't only outnumber available cybersecurity pros; they collaborate effectively too. To mitigate the risks, health care organizations should leverage automation tools that enable lean security teams to efficiently address threats, they should ensure they invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics such as phishing attacks, and they should consider partnering with security providers that can act as an extension of their teams, gaining expertise that is more difficult to resource and retain internally.”

Stephen Gates, principal security SME, Horizon3.ai, says health care organizations need to do more to protect themselves.

“The health care industry is being impacted by an enormous threat landscape with vast numbers of threat actors who are looking to breach organizations' networks, steal their data, hold them for ransom, and potentially destroy their businesses,” said Gates in a statement. “The defensive technologies they have in place are proving to be insufficient in blocking today's attacks. Continuously assessing your network attack surface, finding your weaknesses, remediating them immediately, and verifying that your remediations worked is the best way organizations can stay ahead of attackers.”

Related Videos
Kyle Zebley headshot
Kyle Zebley headshot
Kyle Zebley headshot
Michael J. Barry, MD
Hadi Chaudhry, President and CEO, CareCloud
Claire Ernst, JD, gives expert advice
Arien Malec