Why Are Data Breaches So Expensive?
Data breaches in healthcare can have a major negative impact. So, why are data breaches so expensive? Here's what to know.
We hear a lot about data breaches across all industries, including the healthcare industry. As we hear about them, we learn how disastrous they can be: many organizations aren’t able to overcome the effects of a data breach, which ultimately leads them to close their doors.
There are ways to lower these costs without sacrificing security, but you have to understand the true nature of cybersecurity risks, what your specific vulnerabilities are, and the most strategic way to secure your network.
The Biggest Healthcare Breaches In 2019
In 2018, an estimated 15 million patients were compromised in just over 500 breaches. That was three times the amount in 2017. By the midpoint of 2019, that number had soared to more than 25 million compromised patient records.
Each of the ten biggest healthcare breaches affected more than 200,000 records. Some went on for long periods of time, and others weren’t reported within the 60 days mandated by HIPAA.
Phishing attacks and third-party vendors were the main culprits for healthcare security attacks and incidents.
Some of the biggest attacks affecting healthcare in 2019 included:
- AMCA Data Breach, possibly affecting 25 million patients, including Quest Diagnostics patient data
- Dominion National, affecting nearly three million patients
- Inmediata Health Group, which affected around 1.57 million patients
- University of Washington Medicine, impacting an estimated 974,000 patients
- Wolverine Solutions Group, impacting 600,000 patients
According to Cybersecurity News, data breaches occurring within the healthcare industry cost an average of $6.5 million. That’s significantly higher than what other sectors spend, although for them the average is still a whopping $3.9 million.
As it stands now, healthcare is the industry hardest hit by data breaches.
Why Are Data Breaches in General So Expensive?
Generally, breaches are expensive for a myriad of reasons. These include potential fines from regulators, but there’s a lot more to it than that. For example, of the $3.9 million that a data breach costs, $1.42 million is attributed to loss of business, which is 36% of the total.
Loss of business can include reputation damage and loss of customers.
The cost of litigation is also high when a breach occurs.
Even just the cost of informing customers and affected individuals of a breach can be high. These costs can include paper, postage, and envelopes, as well as the costs of any electronic notification. Around 67% of the costs of a data breach occur in the first year after the incident, and another third tends to come during the two years that follow it.
Data breaches are split nearly evenly between those that stem from malicious cyberattacks and those that come from human error or glitches, but both can cost millions if they occur.
Relatively speaking, a small company affected by a data breach shoulders higher costs than a larger one. 70% of SMBs in all industries experience cyberattacks, and when an attack results in a data breach, a small company with between 500 and 1,000 employees will incur costs of $3,533 per employee.
For companies with more than 25,000 employees, that cost goes down to $204 per employee.
Why Are Healthcare Breaches So Expensive?
The costs of healthcare breaches are similar to the costs of breaches in other sectors.
For example, there are regulatory, legal and technical costs. There are costs of notifying patients, detecting breaches and responding, and the lost business stemming from downtime and a loss of consumer trust.
The average cost of a healthcare breach is $429 per record, which is an increase of more than 5% over the previous year.
Certain factors influence how much a breach costs a healthcare organization. The nature of the breach and the organization’s size are two main factors.
Despite the high costs of healthcare data breaches, there are steps healthcare organizations of all sizes can take to lower them.
The first is having a strong security architecture. The second is being prepared to identify and respond to a breach quickly.
Sometimes businesses and organizations fail to have a plan in place for how they’ll respond to a breach, and the average time from a breach to when it’s discovered is 279 days.
When an organization identifies and responds to a breach within a 200-day window, it can save an average of $1.2 million.