Politico’s recent investigation revealed a record number of cyber security breaches in healthcare, exposing the protected health information of an estimated 50 million people. Healthcare data is highly sought after. Sold on the dark web, healthcare data is used for false identification documents and to make false Medicare claims, amongst other things.
Financial Damages Highest for Security Breaches in Healthcare
Security breaches in healthcare are increasing, and so are the costs. The 2022 IBM Data Breach Report shows that financial damages resulting from security breaches have been the highest in the healthcare industry for 12 consecutive years. Detailing data breaches from March 2021 to March 2022. The IBM Data Breach Report concludes that, on average, security breaches in healthcare cost $10.1 million. It also found that companies that invested in Artificial Intelligence (AI) and other automated security technology reported lower average security breach costs. Many companies have realized the enormous benefits and cost savings available to those who deploy automated and AI cyber-defenses. Automation and AI also sped up the detection and containment of the breach by an average of 74 days.
Insurers Don’t Offer Full Protection Against Financial Losses
Though many companies insure themselves against business interruption costs due to security breaches in healthcare, the Government Accountability Office (GAO) reported that insurers limit their exposure to cyberattack losses. For example:
- Scripps Health suffered a massive cybersecurity attack in May 2021. It cost $133 million, mostly in lost business. However, their insurers only covered $35 million of the cost, as described in their quarterly financial reports.
- The medical faculty at the University of Vermont lost $54 million in a cyber-attack in October 2020. Their insurers reimbursed $30 million.
- The 2020 Universal Health ransomware attack closed 250 hospitals across the country and cost the company $67 million in lost revenue. Universal Health’s insurance covered $30 million, under half of the actual financial losses.
Government To Intervene to Reduce the Risk of Security Breaches in Healthcare
The GOA report suggested that there may be a need for government insurance options. This need is echoed by healthcare executives who have called for more government support to defend critical infrastructure from cyber-attacks.
The Healthcare Cybersecurity Act, a bipartisan bill, was introduced to the Senate in March. It aims to guide the Cybersecurity and Infrastructure Security Agency (CISA) to work with the Department of Health and Human Services to Prepare healthcare and public health organizations to understand and defend themselves from cyber-attacks.
The IBM Data Breach Report Highlights Cyber-Security Investment Needs
The IBM Data Breach Report again underlines the growing urgency for healthcare executives to increase vigilance and automate cyber-defense mechanisms. Unless they do, they will expose their organizations to financial loss and the client healthcare data to privacy breaches.
HIPAA Compliant Social Media for Professionals
Tips and tricks for using social media to grow your practice without violating legal requirements.