HAP's Latest News

The $10 Million Burden for Data Breaches in Health Care

August 22, 2022

Health care has felt the heaviest burden from data breaches, with the average cost rising to more than $10 million per event.

A new report from IBM Security evaluates the cost of data breaches across industries and illustrates the growing stakes for the health care community. Since last year, the total cost of a breach in health care increased 9.4 percent, the report said.

“Health care is one of the more highly regulated industries and is considered critical infrastructure by the U.S. government,” the report notes.

Among the key takeaways:

  • An unfortunate streak:  For 12 consecutive years, health care has had the highest cost per data breach.
  • Significant cost:  The average cost for a data breach in health care is $10.1 million, up from $9.23 million last year. This is a 41.6 percent increase since IBM’s 2020 report.
  • Top five:  After health care, the industries facing the largest financial burden per event from data breaches were the financial ($5.97 million), pharmaceutical ($5.01 million), technology ($4.97 million), and energy ($4.72 million) sectors.
  • The “long tail” costs:  On average, nearly a quarter of data breach costs in highly regulated industries are accrued more than two years after the event.
  • Root causes:  In critical infrastructure industries, top causes for breaches included information technology failures (25%), human error (22%), supply chain attacks on third-party businesses (17%), destructive attacks (16%), and ransomware (12%).

More information about the report is available online.

HAP is committed to supporting Pennsylvania’s hospital community to respond to cybersecurity and data threats. Pennsylvania’s hospitals are focused on emergency preparedness and planning to protect patient information and deliver outstanding care in their communities.

For more information, contact Jason Tomashunas, MS, CHEP, HAP manager, emergency management.