A data breach within a healthcare system could cost in excess of $10 million—more than in any other sector—according to a new report.
The cost is on the rise, up about $1 million from last year. The uptick is partially due to increasingly integrated technology systems.
The report, released by IBM at the end of last month, collected national data from more than 550 organizations across industries from March 2021 to March 2022, analyzing how cybersecurity attacks impact organizations. Breaches within the healthcare sector have cost companies $10.1 million per breach, a nearly 10% increase from last year and a 42% increase from 2020. The average cost of a critical infrastructure data breach globally in any industry was just under $4.5 million.
Financial organizations experience the second-most-expensive breaches, at nearly $6 million per breach, IBM reports.
Cyberattacks can happen in many different ways, said Limor Kessem, a principal consultant in cyber crisis management for IBM’s Security X-Force. Destructive attacks and ransomware attacks—wherein hackers disrupt a hospital’s technologies, for example, and ask the hospital to pay a ransom in order to get access back—are disruptive as well as costly.
“Attacks that take place in real time cause direct losses to hospitals, which have to reroute patients, deny care, lose access to electronic health records and see the risk to human lives rise as a result of the attack,” Kessem told Crain’s. “That’s on top of staff distress and having to revert to manual procedures and paperwork.”