The growing impact of healthcare data breaches
Healthcare data breaches are becoming increasingly costly. According to IBM’s Cost of a Data Breach 2024 report, the average cost of a breach in healthcare is now $9.77 million. This amount is 67% higher than the global average of $4.88million. Among the 17 industries studied, healthcare has the highest data breach cost, underscoring its vulnerability.
Key attack vectors and their impact
Despite an 11% decrease in breach costs from 2023, healthcare breaches remain expensive.
Phishing (16% of breaches), compromised credentials (15% of breaches), and cloud misconfiguration (12% of breaches) are the main attack vectors in healthcare. A breach involving 50 million records can cost up to $375 million. Ransomware breaches average $4.91 million.
Why is healthcare a prime target?
Healthcare’s critical infrastructure status and the sensitivity of its data make it a top target for cybercriminals.
The sector’s regulation and societal importance further drive up breach costs. In March 2024, 93 healthcare breaches involving 500 or more records were reported to the U.S. Department of Health and Human Services. This represents a 50% increase from February 2024 and a 41% increase year-on-year.
The challenge of containing cyberattacks
Healthcare organisations face challenges in quickly identifying and containing cyberattacks. On average, it takes 213 days to identify an attack and another 83 days to contain it. These figures are higher than the global averages of 194 days to identify and 64 days to contain.
High-profile healthcare breaches
Recent incidents, like the Synnovis cyber attack and the breach of Advanced Computer Software Group, highlight the severe impact of healthcare data breaches. These breaches disrupted services and compromised sensitive information. They underscore the urgent need for better security measures.
The role of AI and automation in healthcare cyber security
AI and automation play a critical role in enhancing healthcare cyber security. Organisations using AI for security prevention save an average of $2.22 million compared to those without AI. AI helps detect suspicious behaviour and correlate data from multiple sources, enabling early detection of advanced threats. Incident response teams and identity and access management strategies also contribute to significant cost savings.
Organisations using AI for security prevention save an average of $2.22 million compared to those without AI. Share on XAddressing the cyber skills shortage
The healthcare sector is facing a severe cyber security staffing shortage. This shortage will increase breach costs by an average of $1.76 million in 2024. Despite adopting generative AI security tools, the skills gap remains a significant challenge.
Recommendations to reduce data breach costs
To effectively reduce data breach costs, we offer strategic recommendations based on proven security approaches.
- Understand your information landscape
Healthcare organisations store data across various environments, including on-premises, private cloud and public cloud. Incomplete or outdated data inventories can delay breach detection, raising costs. We recommend comprehensive visibility across all environments. Implementing data security third-party cyber risk management, identity and access management (AIM), and attach surface management ensures consistent protection.
- Focus on Cloud security
Hybrid and public cloud environments are particularly vulnerable. 40% of data breaches involved data stored across multiple environments, and when breached data was stored in public clouds, it incurred the highest average breach cost at USD 5.17 million. Understanding specific risks and implementing tailored controls for each cloud service is crucial to mitigate these threats.
- Address unmanaged and shadow data
Unmanaged or shadow data further complicates managing diverse environments. These data types contribute to one-third of breaches. Northdoor recommends robust data encryption strategies to reduce risk, especially in AI workloads.
You are not on your own
Closing vulnerabilities can seem overwhelming, especially for companies with small IT teams. It might even feel impossible. However, many organisations are now turning to managed services consultancies. This approach places IT management and cyber security in the hands of a dedicated 24/7 team. This offers companies true peace of mind.
In addition, the tools available to combat cyberattacks have become increasingly sophisticated. Today, advanced solutions can detect phishing attempts, monitor supply chains for third-party vulnerabilities, and identify unusual system activity.
While the cost of breaches continues to rise and basic vulnerabilities remain, companies now have access to a wide range of data security solutions and expert partners to help counter these threats effectively.
Download the Cost of Data Breach 2024 report now and register for the IBM Security webinar to uncover some of the leading contributions to higher data breach costs.