Each year, IBM Security and Ponemon Institute publish their “Cost of a Data Breach Report,” in which they assess the previous year’s data breaches. The 2021 report determined that 2020 healthcare data breaches cost organizations $2 million to $9.42 million per incident, and that ransomware attacks cost an organization an average of $4.62 million per incident. With ransomware attacks accounting for more than half of healthcare breaches in 2020, the average cost of a healthcare data breach has reached $4.62 million per incident.

Overall, the cost of a data breach increased by 10% compared to the previous year, largely due to the widespread adoption of cloud technology to support new remote workforces. Because businesses implemented the new technology quickly, many failed to put policies, procedures, and training in place for remote workers. Remote workers also contributed to a delay in response to security incidents, adding an average of $1 million to the cost of data breaches associated with remote work.

What Caused the Breaches and What Information Was Exposed?

According to the security report, the most common cause behind healthcare data breaches was stolen login credentials, representing 20% of breaches. On average, these types of breaches took longer to identify and respond to, taking 250 days. Additionally, 20% of breaches cited remote work as a cause, with these types of breaches costing 15% more than other breaches.

The report cites the most common type of data exposed as customers’ personal data such as names, email addresses, passwords, and healthcare data, representing 44% of all data breaches. Another cause for concern is that, according to a Ponemon Institute survey, 82% of people reuse their login credentials (including usernames and passwords) across multiple accounts. So when their credentials are stolen in one data breach, an unauthorized party could gain access to several of their online accounts.

How to Mitigate the Costs of a Healthcare Data Breach

There are several ways in which the cost of a healthcare data breach can be limited. What it ultimately comes down to is having incident prevention systems in place, and being able to quickly detect and respond to incidents. 

  • Encryption, AI, and Analytics. Companies that had encryption, artificial intelligence-based security solutions, and security analytics in place saved anywhere from $1.25 million to $1.49 million per incident. To be HIPAA compliant, healthcare organizations must encrypt their electronic protected health information (ePHI) to prevent unauthorized access to the sensitive data. HIPAA also requires access to ePHI to be tracked and monitored, allowing organizations to quickly respond to incidents.
