As more healthcare tasks and information goes digital, the risks––and costs––of data breaches have risen to the tune of $10 million for healthcare companies.
That’s the average cost of a data breach, according to IBM’s annual Cost of a Data Breach Report, based on in-depth analysis of real-world data breaches experienced by 550 organizations globally between March 2021 and March 2022.
Breach costs have risen 13% over the last two years, and the increase in cost could be passing down through the economy, influencing higher prices for goods and services, the findings revealed. In fact, 60% of organizations in the study raised prices of their product or services due to a data breach.
According to the findings, healthcare data breaches were the costliest among other industries, averaging a record high of $10.1 million. That’s up nearly $1 million, and the 12th consecutive year of the report with healthcare as the industry-topper for cost of a data breach.
"Businesses need to put their security defenses on the offense and beat attackers to the punch. It's time to stop the adversary from achieving their objectives and start to minimize the impact of attacks,” Charles Henderson, global head of IBM Security X-Force, said in a statement. “The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.”
Part of the problem is that healthcare organizations, as well as other industries, may be too trusting in their infrastructure. Twenty-eight percent of breaches amongst critical infrastructure organizations studied came from ransomware and destructive attacks. Additionally, the threat actors attacking organizations are seeking to disrupt global supply chains, including healthcare, the report warned.
Phishing is also a top cause of data breaches, accounting for 12% of breaches in the report. However, while it’s the second most common cause of breaches, it has become the costliest, averaging $4.91 million in average breach costs for responding organizations across industries.
Once organizations are breached, they often have a choice to either pay ransom attackers or not, and both options come with a cost. Average ransom costs reached $812,000 in 2021, and businesses that opt to pay the ransom could net higher costs overall as a result of the breach. Plus, they could be funding future attacks with the capital in a ransom. Across industries, a cyber breach averages $3.8 million in cost to an impacted organization.