Still underinvesting in cybersecurity? It'll cost you $408 per patient record

A breach in financial services, the second most expensive sector, costs only half of what hospitals wind up spending.
By Jessica Davis
04:21 PM

Healthcare data breaches cost the sector about $408 per patient record, three times more than any other industry, according to the new Ponemon Cost of a Data Breach Report.

Breaches have cost the healthcare sector more than others for the last eight years, according to the report. In fact, the financial sector landed at number two, but its breaches cost $206 per consumer -- half of what it costs the healthcare industry.

Not only that, but the amount is up from $308 per patient record last year.

In the report, sponsored by IBM, Ponemon compared the cost of data breaches around the globe and across all sectors, and found data breaches cost organizations $3.86 million, up 6 percent from last year. Researchers spoke with more than 2,000 individuals and 477 organizations to calculate these costs.

Just last year, the cost of a breach fell year over year to $3.62 million, but those costs have once again increased -- up from $141 per record across all sectors last year.

It’s also notable that data breaches are costlier in the U.S. than any other country, with an average of $7.91 million. For comparison, it cost Buffalo-based Erie County Medical Center nearly $10 million to rebuild its systems after falling victim to a ransomware attack in April 2017.

The type of breach also affects costs, with cyberattacks and malicious insiders costing about $157 per record across all sectors. System glitches cost about $131 per record to resolve, while human errors cost $128 on average.

What’s also concerning is that the mean time to identify a breach was a staggering 197 days, with a mean of 69 days to contain a breach. Both of these numbers increased from 2017, which the report noted was due to the severity of cyberattacks this year.

According to the report, the costs of breaches are high in healthcare, not just due to the obvious network and system damage or data theft. Rather, the main cause is a loss of reputation that leads to a lack of information, strained relationships with other businesses, education and a loss of customers.

But one of the biggest reasons is a loss of time, when employees are doing damage control after a breach.

Fortunately, there’s a silver lining: Incident response speed has a major impact on the overall cost of a breach, the report found. If a breach is contained within a month, organizations can save up to $1 million in comparison to those with slower response times.

And having an incident response team and plan, along with automated cybersecurity tools, also directly impacts the cost, according to the report.

"Organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach," the report found.

“There are many hidden expenses which must be taken into account,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, in a statement. “Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com