What is the cost of a health care data breach in the US?

The health care sector is the one worst affected by data breaches, a US government report has revealed.

According to the US Department of Health and Human Services’ 2020 Healthcare Breach Report, security incidents in hospitals and medical clinics resulted in losses of $13 billion.

It is also among the most frequently breached sectors. More than 640 incidents were reported to the Department of Health and Human Services, with 29 million records being compromised.

This represents a 25% increase year-on-year in the number of data breaches, with incidents doubling in the past six years.

Health care breaches are more expensive than average

The report also found that the average cost per breached record increased from $429 in 2019 to $499 in 2020.

This is significantly higher than the average cost of a breached record, which Ponemon Institute’s Cost of a Data Breach report estimates at $146.

One reason for this is that health care data is far more valuable to cyber criminals. It includes detailed personal information as well as medical issues, which can be used to damage affected individuals and to launch tailored scams.

The value of health care data also explains why criminals are increasingly targeting the sector. Indeed, they are helped by the fact that health care firms struggle to implement appropriate defences.

According to the government report, system weaknesses are among the most common vulnerabilities. It found that 67% of data breaches in the health care sector were the result of criminal hacking.

Anurag Kahol, CTO of Bitglass, noted: “The exceedingly high number of hacking and IT incidents highlights the shifting strategies of malicious actors.

“As healthcare organizations continue to embrace cloud migration and digital transformation, they must leverage the proper tools and strategies to successfully protect patient records and respond to the growing volume of threats to their IT ecosystems.”

How to protect your organization

Those looking to tackle the threat of cyber security incidents need to understand that even the most prepared organizations are at risk. There are simply too many vulnerabilities and too many cyber criminals to prevent every incident.

As such, an effective defence plan requires you to consider what will happen in the event of a breach as well as how you can keep attackers at bay.

By dealing with the threat quickly and effectively, you can reduce the associated costs dramatically and ensure that your operations can get up and running again with minimal delays.

IT Governance can help you understand how to do that in our free green paper: The Data Breach Survival Guide – Preparing for the inevitable.

It contains a step-by-step walkthrough of a typical data breach response process, including your obligations on reporting the incident to supervisory authorities and individuals.

You’ll also receive expert tips on how to quickly stem the damage and protect your reputation as you complete the response process.


A version of this blog was originally published on 21 March 2018.