Healthcare data breaches more expensive than other industries

Healthcare organizations will pay more per lost or stolen record when their data is breached, according to a new study by IBM and the Ponemon Institute.

The annual report on the cost of data breaches found responding to a breach has become more costly across all industries around the world, rising to an average of $4 million.

The average cost across all industries broke down to $158 per record that has been lost or stolen. Healthcare organizations, however, were shown to face a significantly higher cost of $355 per lost or stolen record—well above the next highest cost, education, which came in at $245 per record.

The report, now in its 11th year, said trends indicate the healthcare industry has to deal with greater financial consequences from data breaches because of fines levied against breached organizations, along with higher than average rates of lost business and customers.

While IBM and the Ponemon Institute don’t offer remedies specific to healthcare, the report did point out measures that can affect the overall costs of responding to breaches. For example, having an incident response team reduced the price tag of a breach resolution by an average of $16 per record. Extensive use of encryption and employee training were also shown to reduce costs.

On the flip side, if the breach involved a third party, costs went up by an average of $14 per record. Rushing to notify, having devices lost or stolen, and hiring consultants were also shown to increase response costs.

""
John Gregory, Senior Writer

John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.

Around the web

Cardiovascular devices are more likely to be in a Class I recall than any other device type. The FDA's approval process appears to be at least partially responsible, though the agency is working to make some serious changes. We spoke to a researcher who has been tracking these data for years to learn more. 

Updated compensation data includes good news for multiple subspecialties. The new report also examines private equity's impact on employment models and how much male cardiologists earn compared to females.

When drugs are on the FDA’s shortage list, outsourcing facilities can produce their own compounded versions. When the FDA removed tirzepatide from that list with no warning, it created a considerable amount of chaos both behind the scenes and in pharmacies all over the country. 

Trimed Popup
Trimed Popup