Report: Security incidents cost U.S. hospitals over $1.6B annually

Laura Pedulli | | Health Exec | Cybersecurity

The annual organizational cost associated with security breaches, data loss and unplanned outages for healthcare providers exceeds $1.6 billion for U.S. hospitals, according to a report from MeriTalk, a Va.-based public-private partnership.

The report, “Rx: ITaaS + Trust,” based this finding on estimates derived from a survey of 283 healthcare IT executives. Of those respondents, 61 percent experienced a security related incident in the form of a security breach, data loss or unplanned downtime at least once during the past year.

Findings on the three areas studied:

  • Security Breaches: Nearly one in five (19 percent) surveyed has experienced a security breach in the past year at a cost of $810,189 per incident. The breaches were most commonly caused by malware and viruses (58 percent); outsider attacks (42 percent); loss/theft of equipment (38 percent); and user error (35 percent).
  • Data Loss: More than one-quarter (28 percent) of organizations have experienced data loss in the past year at a total cost of $807,571 per incident. Of those, more than one-third (39 percent) have experienced five or more incidences of data loss during this time frame. Common causes of data loss include hardware failure (51 percent); loss of power (49 percent); and loss of backup power (27 percent).
  • Unplanned Outages: Forty percent of organizations have experienced an unplanned outage in the past 12 months at a cost of $432,000 per incident. On average, healthcare organizations have lost 57 hours to unplanned downtime over the past 12 months. The most common causes of outages include hardware failure (65 percent); loss of power (49 percent); software failure (31 percent); and data corruption (24 percent).

Meanwhile, only 27 percent believe their organization is fully prepared to ensure continuous availability of electronic protected health information (PHI) during unplanned outages, disaster recovery or emergency mode operations. Respondents acknowledged that more needs to be done to prevent these security incidents, according to the report.

Organizations increasingly turn to health IT to safeguard their data, with 55 percent focusing on encryption of PHI, 54 percent complying with the security risk analysis EMR Meaningful Use requirements; and forty four percent putting efforts into breach prevention and detection.

More information on the report is accessible here.

Laura Pedulli

Related Content

FBI seeking extradition of Israeli prisoner accused of $500M in ransomware attacks
Data breach at chain of clinics impacts 450K patients
Nebraska becomes first state to sue Change Healthcare over data breach
Christmas ransomware exposed over 300K patient records to dark web
Cryo-frozen tissue manufacturer suffers cyberattack
First surgical device of its kind granted key FDA exemption

Around the web

Cardiovascular Business
FDA says years-long tirzepatide shortage is resolved, will give limited leeway to compounders

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

AI in Healthcare
From Capitol Hill to a hospital near you? 5 federal recommendations for healthcare AI policy

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Cardiovascular Business
Merck spends up to $2B to license new weight loss drug with potential heart benefits

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.