Category: Alerts
Health care incurs highest data breach costs – for the 13th year in a row
By Andrea Fox
Healthcare IT News
August 11, 2023
New research by the Ponemon Institute and IBM Security revealed that the global average cost of a data breach reached $4.45 million and the costs of avoiding law enforcement after a ransomware attack have increased by $470,000.
Looking across industries at 553 organizations impacted by data breaches that occurred between March 2022 and March 2023, not only did the healthcare sector see a 53% jump in breach costs since the COVID-19 pandemic, health data breach costs reached nearly $11 million.
WHY IT MATTERS
The Cost of a Data Breach Report 2023 examined the root causes and both short-term and long-term consequences of data breaches, as well as the factors and technologies that enabled organizations to either limit losses or increase their recovery costs.
The most common breach tactic at 16% was phishing followed by compromised credentials. Along with soaring costs for breaches, the healthcare sector contends with cyberattacks that weaponize medical records for extortion.
Only one-third of the organizations studied detected the breach themselves, compared to 27% that saw breaches disclosed by an attacker. The latter saw breach lifecycles nearly 80 days longer than those that detected their breaches sooner.
Meanwhile, researchers said that artificial intelligence and automation had the biggest impact on the speed of breach identification and containment among the studied organizations.
With AI, organizations experienced a data breach lifecycle that was 108 days shorter compared to those in the study that did not deploy these technologies – 214 days versus 322 days. The researchers said that deploying security AI and automation extensively lowered data breach costs by nearly $1.8 million more than organizations that didn't deploy these technologies.
They also said that 51% of impacted organizations are planning to increase their security investments in incident response planning and testing, employee training, and threat detection and response technologies.
While defenders were able to halt a higher proportion of ransomware attacks over the previous year, according to IBM's 2023 Threat Intelligence Index, this new data breach cost study found that adversaries reduced their average time to complete an attack.
The report also includes:
In-depth analyses, including breach costs by geographic region and industry
Security recommendations from IBM Security experts
THE LARGER TREND
This past year, a Ponemon Institute study looked at the direct impact of cyberattacks on patient safety at U.S. hospitals and health systems and set off alarm bells when it revealed that 20% of those that experienced the four most common types of cyberattacks said that they subsequently experienced increased patient mortality rates.
Larry Ponemon, chairman and founder of the Ponemon Institute, noted that attacks the institute analyzed put a significant strain on healthcare organizations' resources.
"Their result is not only tremendous cost but also a direct impact on patient care, endangering people's safety and wellbeing," he said.
ON THE RECORD
"Time is the new currency in cybersecurity both for the defenders and the attackers," said Chris McCurdy, general manager of Worldwide IBM Security Services, in a statement. "As the report shows, early detection and fast response can significantly reduce the impact of a breach."