The 2021 cost of healthcare data breaches soared to an average of $9.3 million per occurrence, according to a report released by IBM Security – a 29.5 percent increase over 2020’s average of $7.13 million.
The average percentage increase of healthcare data breaches was nearly three times higher and nearly twice as costly as the global industry average. The report found that the average cost of a data breach across all industries was $4.24 million in 2021, up from $3.86 million in 2020.
2021 Healthcare Data Breach Costs
The report found the lost business cost of a data breach was nearly $1.6 million, or 38 percent of the $4.24 million global average.
Lost business costs include:
- Business disruption and revenue losses from system downtime;
- Cost of lost customers and acquiring new customers;
- Reputation losses; and
- Diminished goodwill.
Each compromised customer record breached, such as protected health information (PHI) cost an average of $180. These records were targeted in 44 percent of all breaches.
2021 Cost Healthcare Data Breach – Causes
The four most common causes of data breaches in 2021 were:
- Compromised credentials 20%.
- Phishing 17%.
- Cloud misconfiguration 15%.
- Business email compromise 4%.
Business Email Compromises cost $5.01 million on average, followed by phishing attacks ($4.65 million), social engineering ($4.47 million), and compromised credentials ($4.37 million).
The average data breach took 212 days to identify and 75 days to contain in 2021, nearly nine and a half months. Breaches caused by compromised credentials took 341 days on average to contain.
2021 Cost of Healthcare Data Breach – Recommendations for Mitigating Costs
According to the report, an effective compliance strategy (including HIPAA compliance) may be one of the best tools to control the cost of a data breach. The average cost of a data breach at organizations with a low level of compliance failures (resulting in fines, penalties, and lawsuits) was $3.35 million.
On the other hand, organizations with high levels of compliance failures suffered average data breach costs of $5.65 million – 67.7 percent more than the group with low levels of compliance failure.
The report also found that adding a zero-trust security model, forming and testing incident response plans, and utilizing tools to protect and monitor endpoint and remote employees minimized the average costs of a data breach.
2021 Cost of Healthcare Data Breach – Next Steps
HIPAA regulations have always required healthcare providers, and the vendors who touch PHI to be fully compliant with the law. This report indicates that compliance has far more value than just staying out of the HIPAA doghouse.
Cyberattacks can cripple a business operationally and financially. An effective HIPAA compliance program can minimize the impact of data breaches on your organization. Take a moment to review your compliance strategy to be certain it’s protecting your patients, customers, and future as well as it should.
