As recently reported by HealthITSecurity, IBM Security’s 2023 Cost of a Data Breach Report revealed that the average cost of a healthcare data breach was almost $11 million in 2022, an $800,000 increase from the prior year and a 53% increase from 2020. The report further revealed that the global average cost of a data breach across all sectors in 2023 was $4.45 million, a 15% increase over the past three years.

IBM’s report analyzed 553 organizations impacted by data breaches during the time period between March 2022 and March 2023. To calculate the cost of data breaches, researchers involved in preparing the report took detection isolation, notification, post-breach response, and lost business costs into account.

The researchers found that the healthcare sector experienced the highest average breach cost of any industry for the 13th consecutive year. Critical infrastructure organizations faced average breach costs that were significantly higher than those in other industries, and U.S.-based organizations faced higher breach costs overall than organizations in any other country.

The IBM report further included these key findings:

  • Approximately 5% of the breaches studied were the result of known vulnerabilities that had yet to be addressed;
  • Despite an increased emphasis on cybersecurity, benign third parties or the threat actors themselves were more likely to identify a breach than the organization's internal security teams;
  • A shorter breach lifecycle was associated with an overall reduction in total cost for the breach;
  • Nearly a quarter of all attacks that were analyzed involved ransomware;
  • Organizations that stored data in public cloud systems and multiple environments experienced higher costs and longer breach lifecycles; and
  • Only 51% of organizations that suffered a breach reported increasing security investment following the breach.

The IBM report underscores the critical importance of security teams being vigilant and organizations making appropriate investments in cybersecurity. While cybersecurity initiatives can be costly, the average expense of a data breach more than justifies that cost. Moreover, ensuring that your organization has the requisite procedures in place to identify, investigate and remediate a potential data breach quickly and efficiently is critical to minimizing both harm and expense.

Organizations would be well advised to review their HIPAA/HITECH policies and procedures, their compliance programs, and their cybersecurity insurance to ensure they have taken all necessary steps to minimize these risks and prepared their organizations to promptly respond should an incident arise.

John W. Kaveney

Partner, Healthcare and Litigation Departments

Mr. Kaveney focuses his practice in the area of healthcare law, representing a range of clients that includes for-profit and non-profit hospitals and health systems, academic medical centers, individual physicians and physician groups, ambulatory surgery centers, ancillary service providers, medical billing companies, skilled nursing and rehabilitation facilities, behavioral health centers and pharmacies.

His practice in the healthcare field encompasses advising healthcare clients on corporate compliance matters, including the implementation of new, and the assessment of existing, corporate compliance programs. He also assists healthcare clients with compliance audits and investigations, as well as guiding clients through the self-disclosure and repayment processes. Finally, he provides general legal advice concerning compliance and regulatory matters under state and federal healthcare laws.

In the area of information privacy and data security, Mr. Kaveney advises healthcare clients on issues arising under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). This includes the implementation and assessment of privacy and security policies and procedures to ensure the proper protection and utilization of protected health information both by healthcare providers and the business associates with which they contract. In addition, he represents healthcare clients in investigating, reporting, and remediating information breaches and the liability such breaches create under various information privacy and security laws.

Additionally, Mr. Kaveney provides counsel on Medicaid and Medicare reimbursement matters before the Division of Medical Assistance and Health Services and the Provider Reimbursement Review Board, as well as assisting clients in civil litigation and with professional licensing and medical staffing concerns.

Contact information:

jkaveney@greenbaumlaw.com | 973.577.1796

For more information visit the Greenbaum, Rowe, Smith & Davis LLP website.