Data breaches cost an average of $10M

As more healthcare tasks and information goes digital, the risks––and costs––of data breaches have risen to the tune of $10 million for healthcare companies.

That’s the average cost of a data breach, according to IBM’s annual Cost of a Data Breach Report, based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022. 

Breach costs have risen 13% over the last two years, and the increase in cost could be passing down through the economy, influencing higher prices for goods and services, the findings revealed. In fact, 60% of organizations in the study raised prices of their product or services due to a data breach.

According to the findings, healthcare data breaches were the costliest among other industries, averaging a record high of $10.1 million. That’s up nearly $1 million, and the 12th consecutive year of the report with healthcare as the industry-topper for cost of a data breach. 

"Businesses need to put their security defenses on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimize the impact of attacks,” Charles Henderson, global head of IBM Security X-Force, said in a statement. “The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.”

Part of the problem is that healthcare organizations, as well as other industries, may be too trusting in their infrastructure. Twenty-eight percent of breaches amongst critical infrastructure organizations studied came from ransomware and destructive attacks. Additionally, the threat actors attacking organizations are seeking to disrupt global supply chains, including healthcare, the report warned. 

Phishing is also a top cause of data breaches, accounting for 12% of breaches in the report. However, while it’s the second most common cause of breaches, it has become the costliest, averaging $4.91 million in average breach costs for responding organizations across industries. 

Once organizations are breached, they often have a choice to either pay ransom attackers or not, and both options come with a cost. Average ransom costs reached $812,000 in 2021, and businesses that opt to pay the ransom could net higher costs overall as a result of the breach. Plus, they could be funding future attacks with the capital in a ransom. Across industries, a cyber breach averages $3.8 million in cost to an impacted organization.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.