RECALIBRATE YOUR HEALTHCARE STRATEGY
Learn 4 strategic pivots for 2025 and beyond.
Learn more

Daily Briefing

Cyberattacks are particularly costly in health care. Why?


Across all industries, health care faces the largest financial toll from cyberattacks, losing an average of $10.1 million for every data breach that occurs, according to IBM's Cost of a Data Breach 2022 report.

3 steps to (finally) address your cybersecurity 'elephant in the room'

The high cost of data breaches

For the report, IBM collected national data from more than 550 organizations worldwide across several industries, including health care, technology, hospitality, and education, between March 2021 and March 2022 to analyze the impact of cyberattacks.

Overall, IBM found that the average cost of a data breach worldwide was $4.35 million, the highest to date. Similarly, the average cost of a data breach for critical infrastructure organizations, such as those in technology, transportation, energy, or health care, was $4.82 million—around $1 million more than the average in other industries.

In the United States, the average cost of a data breach was even higher, reaching $9.44 million in 2022. After the United States, the Middle East ($7.46 million), Canada ($5.64 million), the United Kingdom ($5.05 million), and Germany ($4.85 million) had the highest costs for data breaches.

Across all industries, health care was the most significantly affected by data breaches, with each breach costing companies an average of $10.1 million. This is roughly a 10% increase from the average cost of a breach for health care companies in 2021 and a 42% increase from the cost in 2020.

According to Sher Baig, who works in global cyber commercialization at GE Healthcare, large hospitals can lose up to $50 million in a single quarter due to cyberattacks. Some of these losses may even be large enough to force some hospitals out of business.

The other industries in the top five include financial, pharmaceuticals, technology, and energy, whose breach costs range from $4.72 million to $5.97 million.

Why hospitals are more vulnerable to cybersecurity attacks

According to Limor Kessem, a principal consultant in cyber crisis management for IBM's Security X-Force, health care organizations are more vulnerable to cybersecurity attacks because of their complex technology infrastructures. Many organizations also run outdated programs on devices they use every day, which exacerbates the problem.

In a survey of 517 hospital leaders from Cynerio, a cybersecurity company, many leaders reported experiencing multiple attacks if their systems had already been hit before. Overall, 11% of respondents said their health care systems were attacked 25 or more times.

IBM's report also found that highly regulated industries like health care typically take longer to recover from data breaches compared to organizations that are less regulated. Generally, it can take a health care organization more than 10 months to recover from a data breach.

In addition to financial costs, some cyberattacks can affect patient care and potentially cost lives if medical systems are affected. Among the cyberattacks studied by Cynerio, almost a quarter resulted in higher patient mortality because lifesaving medical treatments were disrupted.

"Attacks that take place in real time cause direct losses to hospitals, which have to reroute patients, deny care, lose access to electronic health records and see the risk to human lives rise as a result of the attack," Kessem said. "That's on top of staff distress and having to revert to manual procedures and paperwork."

Overall, hospital leaders need to have a defense plan against cyberattacks in place not only to prevent financial losses but also to avoid potentially endangering patients if critical systems go down.

"I highly recommend having an incident response plan, a team in place to carry out the response, and drilling that plan to improve over time," Kessem said. "A special playbook for ransomware cases can not only save costs for the hospital—about 58% of the breach’s cost—but it can also save lives." (Neber, Crain's New York Business/Modern Healthcare, 8/9; IBM Cost of a Data Breach 2022 report, accessed 8/10)


SPONSORED BY

INTENDED AUDIENCE

AFTER YOU READ THIS

AUTHORS

TOPICS

INDUSTRY SECTORS

MORE FROM TODAY'S DAILY BRIEFING

Don't miss out on the latest Advisory Board insights

Create your free account to access 1 resource, including the latest research and webinars.

Want access without creating an account?

   

You have 1 free members-only resource remaining this month.

1 free members-only resources remaining

1 free members-only resources remaining

You've reached your limit of free insights

Become a member to access all of Advisory Board's resources, events, and experts

Never miss out on the latest innovative health care content tailored to you.

Benefits include:

Unlimited access to research and resources
Member-only access to events and trainings
Expert-led consultation and facilitation
The latest content delivered to your inbox

You've reached your limit of free insights

Become a member to access all of Advisory Board's resources, events, and experts

Never miss out on the latest innovative health care content tailored to you.

Benefits include:

Unlimited access to research and resources
Member-only access to events and trainings
Expert-led consultation and facilitation
The latest content delivered to your inbox
AB
Thank you! Your updates have been made successfully.
Oh no! There was a problem with your request.
Error in form submission. Please try again.