Average cost of a healthcare data breach sits at $9.77M
Healthcare data breach costs fell by 10.6% in 2024 but remain higher than in any other industry, IBM found in its yearly report.
The average cost of a healthcare data breach fell by 10.6% in 2024, resting at $9.77 million, IBM revealed in its annual "Cost of a Data Breach Report 2024." Despite the drop, healthcare retained its status as the costliest industry for data breaches for the 14th year in a row.
Ponemon Institute conducted the IBM-sponsored study, analyzing 604 organizations affected by data breaches between March 2023 and February 2024.
The financial services industry followed healthcare in terms of costliness, with average data breach costs of $6.08 million.
Although healthcare data breach costs went down, the global average cost of a data breach across all industries increased by 10% over the previous year, reaching $4.88 million. Researchers attributed the spike to costs related to business disruption and post-breach response activities.
For example, 70% of studied organizations reported experiencing a significant or very significant business disruption resulting from a breach. Business disruptions can range from low-level breaches that affect a few systems to organization-wide outages.
Organizations that reported very significant disruptions faced costs that were 7.9% higher than average.
In terms of post-breach response activities, the price of staffing customer service help desks, setting up credit monitoring for breach victims and paying regulatory fines drove costs up in this category.
Because data breaches are so costly, researchers observed companies looking to make up for losses elsewhere. Specifically, 63% of analyzed companies planned to pass these costs on to customers in the form of price hikes, compared to 57% last year.
"Having customers absorb these costs can be problematic in a competitive market already facing pricing pressures from inflation," the report noted.
As industries continue to face a high volume of cyberattacks and data breaches, they are also grappling with a growing cybersecurity skills shortage, the report found. More than half of the studied organizations reported high levels of security staffing shortages, a 26.2% increase from last year.
"Even as 1 in 5 organizations say they used some form of gen AI security tools -- which are expected to help close the gap by boosting productivity and efficiency -- this skills gap remains a challenge," the report added.
In terms of the data affected by these breaches, customers' personally identifiable information was the most common type of data stolen or compromised across all industries. Additionally, phishing and stolen or compromised credentials remained the top two attack vectors for the second year in a row.
Despite the steep costs associated with data breaches, there are ways to minimize these costs. For example, researchers found that organizations that suffered ransomware attacks and worked with law enforcement saw cost savings of about $1 million compared to companies that did not bring in law enforcement. What's more, involving law enforcement helped shorten the breach containment time from 297 days to 281 days.
In addition, organizations have been increasingly using AI and automation to lower average breach costs.
"That correlation is striking and one of the key findings of this year's report," IBM stated. "Organizations not using AI and automation had average costs of USD 5.72 million, while those making extensive use of AI and automation had average costs of USD 3.84 million, a savings of USD 1.88 million."
Considering the results of the report, IBM recommended that organizations focus on completing data inventories, taking a security-first approach to AI and improving cybersecurity response training to lower the costs of a data breach.
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.