
Healthcare Data Breach Costs Surged During Pandemic

IBM Security and Ponemon Institute released a report on July 28, noting the surging costs of health data breaches.


By Lisa Gentes-Hunt

The cost of a data breach for a healthcare facility spiked during the pandemic, according to a new report.

The “2021 Cost of a Data Breach Report,” released on July 28, reports that costs associated with healthcare data breaches increased $2 million over the previous year.

“Healthcare breaches cost the most by far, at $9.23 million per incident – a $2 million increase over the previous year,” according to the report.  

Healthcare, retail, hospitality, and the consumer/manufacturing/distribution sectors are all industries that endured large operational changes during the COVID-19 pandemic. These sectors experienced a “substantial increase in data breach costs year over year,” the report states.

The joint report from IBM Security and Ponemon Institute analyzed an estimated 100,000 records of data breaches experienced by over 500 organizations across the globe.  


“The report takes into account hundreds of cost factors involved in data breach incidents, from legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity,” a media release states.  

Among the surveyed companies, the average cost of a data breach incident is $4.24 million, the highest it has been since the study was created 17 years ago, the report notes.

The study “suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year,” the release states.  

The study also found that the United States had the most expensive data breaches at $9.05 million per incident, with the Middle East next at $6.93 million and Canada at $5.4 million.  

"Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic," said Chris McCurdy, Vice President and General Manager, IBM Security. "While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line." 


The joint report found trends among the 500 organizations studied, including the impact of remote work and the shift to cloud storage; compromised credentials; and how modern approaches reduce the cost of breaches.

“The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches,” the report release notes. “Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 vs. $3.89 million.)”  

According to the report, almost 20 percent of the organizations in the study cited remote work as a factor in their data breaches, and those breaches ended up costing companies nearly 15 percent more than the average breach.

Additionally, the report cites stolen credentials as the number one cause of data breaches.  

Also, personal data is cited as the number one type of data stolen, according to the report. That data includes names, email addresses and passwords. The study found 44% of data breaches included this type of data.  


The IBM Security/Ponemon Institute study also examined AI, security analytics and encryption, noting these were the three “mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools.”  

“For cloud-based data breaches studied, organizations that had implemented a hybrid cloud approach had lower data breach costs ($3.61 million) than those who had a primarily public cloud ($4.80 million) or primarily private cloud approach ($4.55 million,)” the study notes.  

The study notes that consumer data, including credentials, is being compromised in data breaches.  

“Nearly half (44%) of the breaches analyzed exposed customer personal data, such as name, email, password, or even healthcare data – representing the most common type of breached record in the report,” it stated.  

“The loss of customer personal identifiable information (PII) was also the most expensive compared to other types of data ($180 per lost or stolen record vs $161 for overall per record average),” the study notes.