June 22, 2021 // Dan Fabbri
Last Updated: July 30, 2021
Two recently published reports discuss the high costs that healthcare organizations can incur from data breaches. The Department of Health and Human Services estimates that it takes a breached healthcare organization a full year to recover. From fines and lawsuits to rebuilding the hospital’s reputation, recovery takes hours of work at a high cost. Both studies, however, found that there is a way to mitigate these costs and resolve the issue before it starts: better data security and privacy controls.
Moreover, after breaches, organizations can lose customers, which hurts their bottom line. For organizations that lost less than one percent of their customers, the average cost was $2.8 million; however, the average cost increased to $6 million if the organization lost four percent or more of its customers due to a data breach. The average organizational cost for a data breach in the United States was $7.91 million. The healthcare industry had the highest rate of customer churn (6.7%) associated with a data breach, while the average customer churn rate associated with a breach was 3.4%.
The cost of remediating a data breach is also high, with the U.S. having the highest notification costs associated with breaches, at $740,000. Heavily regulated industries such as healthcare have the highest costs associated with data breaches. The per capita cost for each record breached in the healthcare sector was $408. The healthcare sector also had the highest average time to contain a data breach, at 100 days, and the second-highest average time to identify a breach, at 255 days.
Part of the cost of managing a breach is marketing and advertising. A recent report from the American Journal of Managed Care found that hospitals spend 64% more annually on advertising after a data breach over the following two years. This increase is due to the cost of repairing the hospital’s image and trying to minimize patient loss to competitors.
A common theme from both reports is that the deployment of additional and more advanced security controls can mitigate breach costs. The Ponemon Institute stated that the “deployment of an artificial intelligence platform as part of a security automation solution” influenced the cost of a data breach. The Institute found that “deployment of an AI platform saved $8 per compromised record.” Similarly, the American Journal of Managed Care researchers wrote that “advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security.”
The Ponemon Institute also found that the faster a breach is identified, the lower its cost. Companies that identified a breach in less than 100 days saved more than $1 million when compared to companies that took over 100 days. The best way to mitigate the costs of a data breach is to have the proper policies and solutions in place to identify a data breach early. Quick identification could save millions of dollars as a hospital works to rebuild its business and image following a breach.
Ponemon Institute. (2018, July). 2018 Cost of a Data Breach Study: Global Overview. Retrieved from https://www.ibm.com/security/data-breach
Ponemon Institute, 2018, pp. 9-10
Ponemon Institute, 2018, p. 15
Ponemon Institute, 2018, p. 25
Ponemon Institute, 2018, p. 27
Ponemon Institute, 2018, p. 18
Ponemon Institute, 2018, p. 35
Health IT Security. (2019, January). Hospitals Spend 64% More on Advertising After a Data Breach. Retrieved from https://healthitsecurity.com/news/hospitals-spend-64-more-on-advertising-after-a-data-breach
Ponemon Institute, 2018, p. 22
Ponemon Institute, 2018, p. 9