Healthcare Information Security

Cybersecurity News

Healthcare Cyberattacks Cost $1.4 Million on Average in Recovery

The cost is directly tied to a loss of productivity, reputation damage, and service disruption, among other business impacts.

healthcare data breach cost

By Jessica Davis

- The average healthcare organization spent $1.4 million to recover from a cyberattack, according to a recent report from Radware. The number is slightly lower than other industries, which spent $1.67 million.

The Radware 2018-2019 Global Application and Network Security Report researchers surveyed 790 IT executives and found a 50 percent growth in organizations estimating the cost of a cyberattack to be greater than $1 million. In fact, those executives are increasingly shifting away from lower estimates.

About 54 percent of respondents said revenue-killing operational and productivity loss felt the greatest impact of a cyberattack, while 43 percent pointed to negative customer experience. Another 37 percent said they saw reputation loss after a cyberattack.

“Quantifiable monetary losses can be directly tied to the aftermath of cyberattacks in lost revenue, unexpected budget expenditures and drops in stock values,” the report authors wrote. “Protracted repercussions are most likely to emerge as a result of negative customer experiences, damage to brand reputation and loss of customers.”

When these attacks are broken down by sector, healthcare was the second-most attacked industry, after the government sector. In fact, about 39 percent of healthcare organizations were hit daily or weekly by hackers. And only 6 percent said they’d never experienced a cyberattack.

According to the report, these organizations saw a significant increase in malware or bot attacks, with socially engineered threats and DDoS steadily growing, as well. Ransomware attacks have gone down, Radware noted. However, recent reports have shown that hackers continue to hit healthcare the hardest with these attacks.

Cryptomining is on the rise, with 44 percent of organizations experiencing a cryptomining or ransomware attack. Another 14 percent experienced both. What’s worse is that these health providers don’t feel prepared for these attacks. The report found healthcare “is still intimidated by ransomware.”

The report also found that healthcare organizations, including medical insurance, labs, providers and pharma are becoming much more popular targets for hackers.

“The value of medical records on the darknet is higher than that of passwords and credit cards. To prevent attacks that affect the functionality of medical systems, this industry must be able to promptly detect and thwart cyberattacks,” the report authors wrote.

However, on a positive note: “At 82%, healthcare leads industries that have an emergency response plan in place.”

The report authors predict that hackers will continue to refine ransomware attacks and will likely use the virus to hijack IoT to hold tech hostage.

“The most disturbing ransom attack is one that seeks to take advantage of people who are dealing with health issues. Many ailments are treated with cloud-based monitoring services, IoT-embedded devices and self or automated administration of prescription medicines,” they wrote. “Common ransom attacks could establish a foothold in the delivery of health services and put people’s lives at risk.”

Radware’s report follows findings from the American Journal of Managed Care that determined hospitals spend 64 percent more annually on advertising after a breach over the course of two years. The costs were associated with efforts to repair the hospital’s image and minimize the loss of patients to competitors.

“The cost of cyberattacks is simply too great to not succeed in mitigating every threat, every time,” Radware report authors wrote. “Customer trust is obliterated in moments, and the impact is significant on brand reputation and costs to win back business.”

“Securing digital assets can no longer be delegated solely to the IT department,” they continued. “Rather, security planning needs to be infused into new product and service offerings, security, development plans and new business initiatives.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...