Healthcare tops list for cost of data breach, again

In today’s ever-changing cyber landscape, every industry has seen its share of data breaches. No organization, regardless of size, industry or current internal capabilities, is immune to the possibility of a successful cyberattack. Over the past few years, healthcare has topped the list as the industry with the highest average cost of a data breach. Now the IBM Security Cost of a Data Breach Report 2022 reveals that healthcare is the costliest industry for the 12th consecutive year. The report presents findings on the average cost of a breach and examines key factors that can contribute to higher costs, such as dwell time and increased compliance requirements.

Average cost of a breach

The average cost of a data breach for organizations in the healthcare industry went from $9.23 million to a total of $10.1 million, according to the report. This is a substantial increase of $870,000, or 9.4%, since last year’s report and 41.6% since the 2020 report. In contrast, the financial sector came in far behind, with an average cost of $5.97 million. Across all industries, the average total cost of a data breach reached an all-time high of $4.35 million, a 12.7% increase since 2020.

Dwell time

Cybercriminals can go unnoticed in a network for months or even years. A longer dwell time, which is the amount of time between initial unauthorized access and containment of the breach, gives cybercriminals greater opportunity to cause damage to a network and compromise patient data. In 2022, the average dwell time was reduced from 287 days to 277 days, a year-over-year decrease of 10 days, according to the report. The report also shows that breaches taking more than 200 days to identify and contain cost an average of $4.86 million, but breaches taking less than 200 days cost an average of $3.74 million. The longer dwell time cost an average of $1.12 million more.

“The longer the dwell time, the greater the potential impact,” said Lyndon Brown, chief strategy officer at Pondurance. “But there are steps your healthcare facility can take to reduce wait time and minimize the impact on your network. Modern managed detection and response services can provide threat prevention, detection and hunting, as well as integrated incident response to protect your healthcare facility against such threats. The goal should be to detect unauthorized access within minutes.”

Increased regulatory and compliance requirements

As you know, the healthcare industry has to follow strict rules, regulations and compliance requirements to avoid penalties. The report examines how costs accrue following a data breach and finds that environments with heavy data protection regulation, such as healthcare, tend to continue to drive up breach costs in subsequent years. On average, organizations in heavily regulated environments accrued 45% of breach costs in year one, 31% in year two, and 24% more than two years after the initial breach. However, in low-regulation environments, 66% of costs were incurred in the first year, 26% in the second year, and only 8% more than two years after the breach. The report concludes that legal and regulatory costs may have contributed to the increased costs in subsequent years.

“Healthcare organizations have complex compliance and privacy requirements, and those requirements mean cybersecurity partners must have in-depth knowledge of associated regulations and systems,” Brown said. “Pondurance experts have this deep experience to handle healthcare compliance issues and protect sensitive patient information from a data breach. We went there, we did it.”

Improve your bottom line

The cybersecurity landscape continues to evolve and, as the report reveals, the cost of a data breach continues to rise for the healthcare industry. But there are ways to protect your healthcare organization from the high cost of a data breach.

Find out how to improve your cybersecurity results in our webinar.

