Costliest Breaches in Health Care
For the 12th year in a row, health care participants saw the costliest breaches among industries. The average breach costs in health care increased by nearly $1 million to reach a record high of over $10 million.
Shawn Surber is vice president of solutions architecture and strategy at Tanium.
“Health care continues to suffer the greatest cost of breaches, but has among the lowest spend on cybersecurity of any industry, despite being deemed critical infrastructure,” he said. “The increased vulnerability of health care organizations to cyber threats can be traced to outdated IT systems, the lack of robust security controls, and insufficient IT staff, while valuable medical and health data — and the need to pay ransoms quickly to maintain access to that data — make health care targets popular and relatively easy to breach. Unlike other industries that can migrate data and sunset old systems, limited IT and security budgets at health care organizations make migration difficult and potentially expensive, particularly when an older system provides a small, but unique function or houses data necessary for compliance or research, but still doesn’t make the cut to transition to a newer system. Hackers know these weaknesses and exploit them. Additionally, health care organizations haven’t sufficiently updated their security strategies, and the tools … haven’t been robust enough to thwart the more sophisticated techniques of threat actors.”
Additional findings in the IBM report include:
- While compromised credentials continued to reign as the most common cause of a breach, phishing was the second and the costliest cause, leading to nearly $5 million in average breach costs for responding organizations.
- Sixty-two percent of studied organizations said they are not sufficiently staffed to meet their security needs, averaging $550,000 more in breach costs than those that state they are sufficiently staffed.