With many healthcare organizations now coordinating the care of millions of patients and an increasing number of devices and systems connected to the Internet, the threat to the protection of patient healthcare information is on the rise, and carries with it a staggering cost to the public health service.
This year IBM Security and Ponemon Institute released the 13th annual Cost of Data Breach Study. The results of this study are drawn from interviews with almost 500 companies across various industries that have experienced a data breach in the past 12 months, and provide an analysis of the key factors involved and the cost implications for their organizations.
This year’s findings revealed that the average global cost of breached data totalled over $3.8 million, a 6.4 percent increase when compared with the report released in 2017.
The study also showed that costs associated with data breaches in the healthcare industry were the highest across all industries for the 8th consecutive year. The 2018 report estimated costs of $408 per record, almost 3 times the cross-industry average.
A mega breach is classed as a breach of over 1 million confidential records. Since 2013, the number of mega breaches has soared from 9 breaches to 16 breaches in 2017.
Key mega breach findings in the 2018 Cost of Data Breach study include:
- A mega breach takes an average of 365 days to detect, whereas a smaller-scale breach takes only 266 days
- The average mega breach incurs costs of nearly $40 million
- The largest expense associated with mega breaches was lost business, estimated at nearly $118 million for breaches of 50 million records (over 30% of the total costs incurred by a breach of this size)
Prevention and protection
47% of all breaches in the study were the result of malicious attacks from illegal hackers, with the other 53% consisting of system malfunctions or human error. This suggests there is an almost equal threat to data protection both inside and outside an organization. As a result, healthcare providers must invest in sufficient training and security tools to minimize the risk of a data breach, for example by introducing password encryption, staff education programs and data analytics technology.
Research also suggests that implementing effective preventative measures will reduce the overall costs involved with managing a data breach. Unlike previous reports, the 2018 Cost of Data Breach Study looked at the use of security automation tools to identify and contain a data breach and found that organizations in which automated security technologies had been extensively deployed saw a saving of over $1.5 million off the total cost of a breach.