September 29, 2022

Average breach costs in healthcare increased to $10.1 million this year.

The healthcare industry has been hit hard financially by an increase in data breaches, with the average breach costs in healthcare increasing by nearly $1 million in 2021 to $10.1 million in 2022, according to recent data from IBM.

For 12 consecutive years the healthcare industry—defined as hospitals and clinics in the IBM research—has had the highest average cost of data breaches per year, with financial organizations coming in second. Sixty percent of organizations across a variety of industries have reported needing to increase the price of their products and services because of costly data breaches. However, the IBM report shows that the right strategies coupled with the right technology can make a positive and significant difference when healthcare organizations are attacked.

Healthcare organizations have reported nearly two-times as many breaches between January and July of 2022 than for the same period last year, according to a Politico report. Additionally, four out of five organizations surveyed by IBM said they’d experienced at least one successful attack.

Some organizations may think the best approach is to simply pay the ransomware demands and move on, but the IBM data shows this approach is more costly—especially when factoring in the cost of the ransom. Those in the study who decided to pay saw only $610,000 less in average breach costs compared to those that chose not to pay—and that is not including the cost of the ransom. 

Investing in security AI and automation is the best way to protect against costly attacks, the IBM report says. Breaches at organizations with fully deployed security AI and automation cost $3.05 million less than breaches at organizations with no security AI and automation deployed. This 65.2% difference in average breach cost represented the largest cost savings in the study. Additionally, companies with fully deployed security AI and automation were able to identify and contain a breach in a shorter span—74 days shorter—than companies with no AI and automation. The use of security AI and automation has jumped from 59% in 2020 to 70% in 2022.

“Businesses need to put their security defenses on the offense and beat attackers to the punch,” Charles Henderson, Global Head of IBM Security X-Force, said in a release announcing the IBM findings. “It’s time to stop the adversary from achieving their objectives and start to minimize the impact of attacks. The more businesses try to perfect their perimeter instead of investing in detection and response, the more breaches can fuel cost of living increases.”

Amanda Schiavo is the Finance Editor for HealthLeaders.