Avoid the costs of a healthcare data breach

Published On August 30, 2018

The healthcare industry takes the cake when it comes the highest data breach costs per record of any industry for the last eight years straight, IBM and Ponemon Institute found in their 2018 Cost of a Data Breach Report. Just how much is the average healthcare data breach cost per record? The report found that medical records average $408 per record. This is almost three times higher than the cross-industry average of $148 per record.

The report is based off of interviews with about 500 companies that have experienced a data breach, including healthcare organizations. The report analyzes the hundreds of cost factors surrounding a breach. These range from the cost of lost business and reputation to technical investigations and recovery to notifications to legal and regulatory activities.

Here are the report’s top four key findings.

• Identify and contain a breach fast to lower costs. How quickly an organization can identify and contain a data breach will affect the financial consequences, the report found. The faster your organization can identify and contain the threat, the lower the costs. Organizations that identified a breach in less than 100 days saved more than $1 million compared to those who took more than 100 days. Furthermore, the report found that companies that contained a breach in less than 30 days saved over $1 million as compared to those that took more than 30 days.

• The most data breaches are caused by hackers and criminal insiders. The report found that 48% of all breaches in this year’s study were caused by malicious or criminal attacks with the average cost per record to resolve the attack being $157. However, system glitches cost $131 per record and human error cost $128 per record. Overall, the United States ($258) and Canada ($213) spent the most to resolve a malicious or criminal attack.

• Encryption and incident response teams reduce costs. The report found that incident response teams reduced the costs of a breach by as much as $14 per compromised record. In addition, for those companies using encryption extensively, this reduced the costs of a breach for them by $13 per capita.

• The loss of customer trust means serious financial consequences. The report found that organizations that lost less than 1% of their customers because of a data breach resulted in an average total cost of $2.8 million. However, if 4% of customers or more was lost, the average total cost added up to $6 million.

How to keep your data safe

There are several actions healthcare organizations can take to not only help protect against cyber attacks but also recover from one should they be hit.

First, it’s important to have a robust isolated recovery plan and reliable recovery technology to support it. In the current cyber landscape, healthcare data is highly sought after by attackers and, unfortunately, this means an attack is inevitable for many healthcare organizations.

Second, it’s also critical that your healthcare organization frequently back up data so that, should you be hit by an attack, you can restore your data in a timely manner and, hopefully, reduce downtime.

Third, you may want to consider taking your data backup plan a step further by not only storing your back up information in a secure data center, but then also disconnecting your network from that data center until you need to either access that information again or refresh the backup data. This adds another level of security to your backup and isolated recovery plan.

Having all three of these security procedures in place will not only increase the effectiveness of your cybersecurity but also help you recover from an attack faster.