In today’s evolving cyber landscape, each industry has experienced its share of data breaches. No organization, regardless of size, industry, or current in-house capabilities, is immune from the possibility of a successful cyberattack. In past years, healthcare has topped the list as the industry with the highest average cost of a data breach. Now, IBM Security’s newly released Cost of a Data Breach Report 2022 reveals that healthcare is the most costly industry for the 12th consecutive year. The report shows findings on the average cost of a breach and discusses the leading factors that can contribute to higher costs, such as dwell time and heightened compliance requirements.
Average cost of a breach
The average cost of a data breach for organizations in the healthcare industry increased from $9.23 million to $10.1 million, according to the report. That is an increase of $870,000, or 9.4%, since last year's report and 41.6% since the 2020 report. By contrast, the financial industry came in a distant second for highest average cost, at $5.97 million. Across all industries, the average total cost of a data breach reached an all-time high of $4.35 million, a 12.7% increase since 2020.
Cybercriminals can remain undetected in a network for months or even years. A long dwell time, which the report measures as the time between the initial unauthorized access and containment of the breach (time to identify plus time to contain), gives attackers more opportunity to move through the network and compromise patient data. In 2022, the average dwell time fell from 287 days to 277 days, a year-over-year decrease of 10 days, according to the report. The report also shows that breaches taking more than 200 days to identify and contain cost an average of $4.86 million, while breaches taking fewer than 200 days cost an average of $3.74 million. In other words, the longer dwell time added an average of $1.12 million to the cost of a breach.
“The longer the dwell time, the greater the potential impact,” said Lyndon Brown, Chief Strategy Officer at Pondurance. “But there are steps your healthcare organization can take to reduce dwell time and minimize the impact to your network. Modern managed detection and response services can provide prevention, detection, threat hunting, and integrated incident response to protect your healthcare organization against such threats. The goal should be to detect unauthorized access in minutes.”
Heightened regulation and compliance requirements
The healthcare industry must follow strict regulation and compliance requirements to avoid penalties. The report looks at how costs accrue in the years following a data breach and finds that organizations in high data protection regulatory environments, such as healthcare, tended to keep accruing breach costs well after the incident. On average, organizations in high regulatory environments accrued 45% of breach costs in the first year, 31% in the second year, and 24% more than two years after the initial breach. In low regulatory environments, by contrast, 66% of costs accrued in the first year, 26% in the second year, and only 8% more than two years after the breach. The report concludes that legal and regulatory costs likely contributed to the higher costs in later years.
“Healthcare organizations have complex compliance and privacy requirements, and those requirements mean cybersecurity partners must have extensive knowledge of the regulations and associated systems,” said Brown. “Pondurance’s experts have that depth of experience to navigate healthcare compliance issues and safeguard sensitive patient information against a data breach. We’ve been there, done that.”
Improving Your Bottom Line
The cybersecurity landscape continues to evolve, and as the report reveals, the cost of a data breach continues to rise for the healthcare industry. But there are ways to protect your healthcare organization from the high cost of a data breach.