Healthcare code red: $10M data breach cost demands action
The bottom line
Driven by healthcare’s sensitive data and potential vulnerabilities from legacy systems, the U.S. healthcare industry continues to face the highest average cost of a data breach, reaching $9.77 million in 2024, according to a new report from IBM and Ponemon.
What the data breach report found
Despite a 10.6% decrease in the average breach cost compared to the previous year, healthcare has held the top position for the costliest breaches since 2011; the average breach cost across all industries was $4.89 million. The report attributed this persistent trend to healthcare’s challenges in modernizing technology and its susceptibility to disruptions that can directly impact patient safety.
A chunk of the high cost of breaches is due to various extortion attacks, including ransomware and data exfiltration, which the report suggested could be reduced by involving law enforcement in ransomware cases.
Another significant cost-saver is the extensive use of security AI and automation, which help to more quickly identify and contain breaches, saving an average of $1.88 million. Just one-third of the organizations surveyed by Ponemon use AI and automation extensively for security (prevention, detection, investigation and response), while one-third reported no security use of these technologies.
Phishing and compromised credentials were the two most common attack vectors, underscoring the importance of robust employee training and multi-factor authentication in the healthcare sector to prevent unauthorized access and data breaches.
Additional data indicated a 26.2% increase in organizations facing a critical lack of skilled security workers. This shortage can lead to higher breach costs, highlighting the need for healthcare organizations to attract and retain top cybersecurity talent or consider outsourcing security functions to managed security service providers.
Key data breach security takeaways
- Prioritize Cybersecurity: The healthcare industry’s high average breach cost underscores the critical need for robust cybersecurity measures. Healthcare leaders must prioritize investments in security infrastructure, employee training, and incident response planning to mitigate risks and protect sensitive patient data.
- Address Technology Gaps: The report identifies the healthcare sector’s reliance on legacy systems as a contributing factor to its vulnerability. Healthcare organizations should proactively address technology gaps by modernizing their infrastructure and adopting secure solutions that can adapt to the evolving threat landscape.
- Focus on Patient Safety: The potential for disruptions to patient care due to breaches emphasizes the importance of patient safety in cybersecurity strategies. Healthcare leaders must ensure that their security measures not only protect data but also maintain the continuity of critical operations to safeguard patient well-being.
Relevant resources
Cost of Data Breach Report 2024 (IBM)
Health Industry Cybersecurity Strategic Plan 2024-2029 (Health Sector Coordinating Council)