Average Cost of Healthcare Data Breach Reaches $11M

July 24, 2023 - The average cost of a healthcare data breach rose to $11 million, signifying a $1 million increase from last year, according to IBM Security’s 2023 "Cost of a Data Breach Report." The global average cost of a data breach across all sectors in 2023 was $4.45 million – a 15 percent increase over the last three years, but still only a fraction of healthcare’s breach costs.

Conducted by Ponemon Institute and sponsored by IBM Security, the annual report sheds light on data breach response trends and the specific costs of responding to and recovering from a breach in a variety of sectors. This year’s report analyzed 553 organizations impacted by data breaches that occurred between March 2022 and March 2023.

Healthcare experienced the highest average cost of any industry for the 13th consecutive year. Researchers attributed these costs to the sector’s high levels of regulation and its status as critical infrastructure, as well as an uptick in breaches since the onset of the COVID-19 pandemic.

To calculate the cost of a data breach, researchers took detection isolation, notification, post-breach response, and lost business costs into account.

In general, critical infrastructure faced average breach costs that were $1.26 million higher than other industries. In addition, organizations in the United States faced higher breach costs than any other country.

Common initial attack vectors included phishing and stolen or compromised credentials, accounting for 16 percent and 15 percent of breaches, respectively. What’s more, breaches that began with stolen or compromised credentials took nearly 11 months to identify and contain on average.

“This year, for the first time, the report examined both zero-day (unknown) vulnerabilities as well as known, unpatched vulnerabilities as the source of the data breach and found that more than 5 [percent] of the breaches studied originated from known vulnerabilities that had yet to be patched,” the report noted, highlighting the importance of vulnerability management.

The average data breach lifecycle was 277 days, referring to the elapsed time between initial detection and containment. Despite an increased focus on cybersecurity across all sectors in recent years, breaches were most often identified by a benign third party or disclosed by threat actors themselves rather than by internal security teams.

A shorter breach lifecycle was associated with a reduction in costs, highlighting the importance of early detection and containment. Other factors that mitigated costs included incident response planning and testing, employee training, and high usage of a DevSecOps approach. On the other hand, a security skills shortage, high levels of security system complexity, and noncompliance with regulations led to increased costs.

Nearly a quarter of all attacks analyzed involved ransomware, costing organizations $5.13 million on average. Involving law enforcement proved to be a key factor in contributing to lower costs for organizations that suffered ransomware attacks. In addition, automated response playbooks and workflows designed specifically for ransomware attacks aided organizations in responding quickly.

When it came to cloud technology, IBM and Ponemon Institute observed higher costs for organizations that stored data in public clouds and multiple environments, as well as longer breach lifecycles.

Despite an increase in costs and complexity in 2023, just 51 percent of organizations reported increasing security investments after a breach. Incident response plans and employee training were among the top spending areas after a breach.

Thankfully, defenders are finding innovative ways to reduce detection time and cost using methods that will hopefully become more widespread in the upcoming years. For example, organizations that deployed security artificial intelligence (AI) and automation tech saw shorter breach lifecycles by 108 days on average, leading to reduced costs. However, threat actors have also learned the power of AI, meaning that ransomware deployment is faster than ever.

Enhanced incident response strategies, threat intelligence, vulnerability and risk management, and attack surface management all proved crucial to organizations looking to reduce the impacts of  breach.

“Time is the new currency in cybersecurity both for the defenders and the attackers. As the report shows, early detection and fast response can significantly reduce the impact of a breach," said Chris McCurdy, General Manager, Worldwide IBM Security Services.

“Security teams must focus on where adversaries are the most successful and concentrate their efforts on stopping them before they achieve their goals. Investments in threat detection and response approaches that accelerate defenders’ speed and efficiency – such as AI and automation – are crucial to shifting this balance.”