Hospitals spend more after data breach, but there is a fix

June 22, 2021//Dan Fabbri

Last Updated: August 23, 2021

Two recently published reports discuss the high cost of healthcare data breaches organizations can incur. The Department of Health and Human Services estimates that it takes a breached healthcare organization a full year to recover. From fines and lawsuits, to having to rebuild the hospital’s reputation, it is hours of work at a high cost. Both studies, however, found that there is a way to mitigate these costs and resolve the issue before it starts – better data security and privacy controls.

In July 2018, the Ponemon Institute published a report analyzing the costs of data breaches that have occurred over the 12 months preceding the report. The Institute discovered three things:

  1. Faster identification of a data breach reduced costs
  2. Hackers and criminal insiders caused the most data breaches (48%)
  3. The loss of customers had significant financial consequences on the organization

Moreover, after breaches, organizations can lose customers, which hurts their bottom line. The average cost of organizations losing less than one percent of their customers was $2.8 million; however, the average cost increased to $6 million if the organization lost four percent or more of their customers due to a data breach. The average organizational cost for a data breach in the United States was $7.91 million. The healthcare industry had the highest rate of customer churn (6.7%) associated with a data breach, while the average customer churn rate associated with a breach was 3.4%.

What is the weakest link in data security for a hospital or large hospital system network?

The point of access Email accounts VPNs

AThe point of access; Absolutely correct. The point of access is where the majority of breaches occur. However, third-party protection is the best defense an organization can have.

Learn More

APhishing is absolutely a risk an organization should be aware of and protected against, but the weakest link overall is the point of access.

Learn more about remote access success stories.

Learn More

AWhile VPNs are not as secure as an organization may think, they offer some protection. The weakest link in data security, however, is the point of access. That’s a point that VPNs don’t protect against.

Learn why VPN shouldn’t be your only solution.

View Infographic

The cost of remediating a data breach is also high with the U.S. having the highest notification costs associated with breaches at $740,000. Heavily regulated industries such as healthcare have the highest costs associated with data breaches. The per capita cost for each record breached in the healthcare sector was $408. The healthcare sector also had the highest average time to contain a data breach at 100 days and the second-highest average time to identify a breach, at 255 days.

Part of the costs of managing a breach include marketing and advertising. In a recent report from the American Journal of Managed Care, it was found that hospitals spend 64% more annually on advertising after a data breach over the following two years. This increase is due to the cost that comes with repairing the hospital’s image and trying to minimize patient loss to competitors.

A common theme from both reports is that the deployment of additional and more advanced security controls can mitigate breach costs. The Ponemon Institute stated that the “deployment of an artificial intelligence platform as part of a security automation solution” influenced the cost of a data breach. The Institute found that “deployment of an AI platformed saved $8 per compromised record.” Similarly, the American Journal of Managed Care researchers wrote that “advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security.”

The Ponemon Institute also found the cost of a data breach is lower, the faster the breach is identified. Companies that identified a breach in less than 100 days saved more than $1 million when compared to companies that took over 100 days. The best way to mitigate the costs of a data breach is by having the proper policies and solutions in place to identify a data breach early. Quick identification could result in millions of dollars being saved as a hospital works to rebuild their business and image following a breach.

 

Ponemon Institute. (2018, July)
2018 Cost of a Data Breach Study: Global Overview.
Ponemon Institute, 2018, pp. 9-10
Ponemon Institute, 2018, p. 15
Ponemon Institute, 2018 p. 25
Ponemon Institute, 2018 p. 27
Ponemon Institute, 2018 p. 18
Ponemon Institute, 2018 p. 35
Health IT Security (2019, January)
Ponemon Institute, 2018, p. 22
Ponemon Institute, 2018, p. 9

close close