Dive Brief:
- Healthcare continues to be the most expensive industry for data breaches, beating out other sectors for the 13th year in a row, according to research conducted by the Ponemon Institute and published by IBM Security.
- The average cost of a healthcare data breach reached nearly $11 million in 2023, an increase of 8% from last year and a 53% jump since 2020, the report found.
- Although the healthcare sector faces high levels of industry regulation, its data breach costs were almost double those of the financial industry, which saw the second-most expensive data breaches at $5.9 million.
Dive Insight:
The IBM report, which analyzed more than 550 organizations that experienced data breaches between March 2022 and 2023, found healthcare had “notably higher” average data breach costs since the COVID-19 pandemic.
The industry was left more vulnerable to attacks after the pandemic spurred a wave of burnout and staff shortages, according to a Moody’s report.
The number of healthcare data breaches has increased nearly every year since 2009, according to a Healthcare Dive analysis. Hacking incidents in particular have ballooned, as hospitals are profitable targets for ransomware, where criminals demand payment in exchange for returning access to critical data.
A ransomware attack against Chicago-based CommonSpirit Health late last year compromised protected health information of almost 624,000 patients, interrupted access to electronic health records and delayed care. In a May earnings report, the health system said losses due to the breach grew to more than $160 million.
The prevalence of hospital data breaches is leading to court battles. Baltimore-based Johns Hopkins Health System is currently facing a class action lawsuit after the system discovered a third-party breach this spring.
Costs are on the rise for other critical infrastructure industries too, including financial services, the public sector, energy, transportation, education and communication.
Average data breach expenses were nearly 29% higher for critical infrastructure companies compared with other industries, and costs rose nearly 5% from 2022.
These industries were frequently targeted by ransomware last year, according to the FBI Internet Crime Complaint Center. But it can be difficult to gauge the number of ransomware incidents, as many aren’t reported to law enforcement.
That could be a mistake when it comes to cost, wrote researchers behind the IBM report. Organizations in the study that involved law enforcement saved $470,000 in average breach costs.
Still, 37% of victims in the report didn’t contact law enforcement.