Protect Patient Data: The Cost Of A Data Breach In Healthcare

If the cost of boosting your healthcare organization's cybersecurity seems prohibitive, you may want to consider just how expensive it would be for your company not to be adequately prepared and protected.

Even smaller organizations, which are the direct target of 43 percent of all cyberattacks according to a recent report from Verizon, face an enormous threat from security breaches. The average cost of a data breach for a small business is upwards of $188,000, and the cost goes beyond the financial impact. According to Microsoft, 6 in 10 small businesses are unable to survive data breaches and close within six months after an attack.

For small and large businesses within the healthcare industry, the potential repercussions are too big to ignore. In this article, we dive into the data to help clarify just how costly a realized threat to your cybersecurity can be and what can be done to protect your bottom line (and your patients). 

 

Understanding the Potential Costs of Data Breaches for Healthcare Organizations

According to leading data breach reports, including a 2020 report recently released by IBM Security, the healthcare industry incurs the highest average cost of data breaches—to the tune of $7.13 million per incident. This is up by 10 percent compared to just one year prior.

The implication is that the financial impact of these cyberattacks is only getting bigger—especially given the increasing use of telemedicine and remote patient-provider technology. 

As many experts note, these costs have direct and indirect impacts on healthcare companies that can be felt for years, long after a breach has been rectified. A 2019 report from HIPAA Journal suggests that while 67 percent of costs are realized within the first year of a data breach, 22 percent and 11 percent of costs come after one year and after two or more years, respectively.

Why the prolonged impact? One reason could be the target of such attacks. Around 80 percent of data security breaches within all industries involve the theft of clients' personal information. It's the most expensive type of data breach to fix, and it also has a major negative impact on the reputation of healthcare companies, which generally pledge to "first, do no harm." By lowering public trust and reputation, a data breach can easily drive down a healthcare company's profit margins and future business.

Beyond the direct costs of correcting a cyberattack and the indirect costs of damaged brand reputation, there are still other costs to data breaches that any healthcare company should consider. For example, cyberattacks often lead to legal fees, third-party fees, and victim restitution fees that organizations must deal with. While the use of cybersecurity insurance can offset many of these costs, it's in the best interest of healthcare organizations (and their patients) to avoid the need to file such claims in the first place.

It's no wonder healthcare companies are projected to invest $125 billion in cybersecurity efforts over the next five years. 

 

Protecting Against Cybersecurity Breaches: What Healthcare Companies Should Know

Why are these breaches happening? The recent IBM Security report found that for healthcare companies, half of all data breaches were a result of malicious attacks, 27 percent were due to human error, and the rest were due to system glitches. With this in mind, here are a few top priorities information security officers and other healthcare management leaders should focus on: 

  • Being aware of a company's particular risks and areas of vulnerability 
  • Updating software systems regularly and backing up data as appropriate
  • Using best practices for passwords 
  • Implementing employee training and establishing a company culture of digital safety
  • Utilizing leading-edge technologies, such as two-factor authentication, as appropriate
  • Accounting for the increased use of mobile devices and telemedicine technology 

If it sounds like a lot to implement, consider consulting with a team of cybersecurity experts who can help you allocate your resources effectively and ensure your community is adequately protected.
