Healthcare Data Breach

According to the IBM Cost of a Data Breach report healthcare is, compared with other sectors, by far the most impacted by a data breach

AJ Thompson, CCO, Northdoor plc


IBM’s Cost of a Data Breach report has highlighted the increasing cost for organisations that suffer a data breach in the healthcare sector. The report found that the average cost of a data breach is now at $10.93 million. This represents an increase of 53.3 percent since the 2020 report.

This is some way above the average cost of a data breach across all sectors, which sits at $4.45 million and highlights just how impactful breaches on healthcare organisations are.


Why is healthcare so impacted by data breaches?

Healthcare is top of the average cost for a data breach when compared to other verticals and by some margin. The next on the list is the financial sector at $.5.90 million, followed by pharmaceuticals at $4.82 million.

There are a number of reasons for the huge difference in the cost of a breach. The sector is very highly regulated, which increases the cost immediately and is considered by most governments as a critical infrastructure.

The nature of the data held by healthcare organisations also means that it is an incredibly tempting target for cyber criminals. In the US the number of individual patients impacted by data breaches in the healthcare sector so far in 2023 (up to July) is staggering. The HHS’ Office for Civil Rights reported that 59,569,604 individual patient records had been exposed and that the average data breach size, so far for 2023 is 150,809 records.

In the UK a cyber attack on the University of Manchester saw more than a million NHS patient’s details compromised and various NHS Trusts have been compromised, mainly by ransomware attacks.

It’s clear then that the healthcare sector is very much in the sights of the cyber criminals. The nature and perceived value of the data as well as some of the vulnerabilities that the sector experiences (particularly third party/supply chain attacks), means that healthcare organisations have to do more to protect themselves.


Phishing and stolen or compromised credentials responsible for majority of attacks

The IBM report also found that phishing and stolen or compromised credentials were the two most common initial attack vectors (the way for the attacker to enter a network or system) across all verticals. We have seen cyber criminals use increasingly sophisticated phishing attacks to target employees, who are often considered the ‘weakest link’ in the security defences of a company. This is reflected in the report with phishing attacks responsible for 16 percent of breaches and stolen or compromised credentials responsible for 15 percent.

These were followed by cloud misconfiguration at 11 percent, followed by business email compromised at 9 percent.

Companies, therefore, have to ensure that the weakest link in their security defences is strengthened considerably. The nature of the most recent phishing attacks means that employees have very little chance of being to filter out legitimate messages and malicious emails and need help in doing so.

This is particularly important in the healthcare sector where any downtime can have a huge impact on frontline services, impacting, staff, but more importantly, patients.


AI and automation save time and money and help keep cyber criminals out

The use of AI and automation solutions have had, according to the IBM report, a real impact for organisations that use such solutions extensively within their defences. On average those organisations with such solutions in place were able to identify and contain a breach 108-days shorter than those without. These companies also reported a $1.76 million lower data breach cost compared to organisations that didn’t have such capabilities.

Whilst the cost of a data breach is a real worry for the healthcare sector, the ability to shorten the amount of time a breach impacts frontline services or lessens the amount of incredibly sensitive data stolen has to be a good thing.

One of the main routes in for cyber criminals alongside employees, is through third parties and healthcare suppliers. Supply chains in the healthcare sector tend to be incredibly large and complex and so many organisations find it almost impossible to have any insight into where vulnerabilities might lie in the network.

No matter how much is spent on frontline defences, if partners have not closed vulnerabilities within their own systems they are, essentially, opening the backdoor open for cyber criminals to gain access to healthcare data. Some are turning to AI-powered solutions to ensure that they have 360-degree view of their supply chain.

Current methods of ascertaining a partner’s or potential partner’s cyber security practices usually involves a questionnaire which relies on the knowledge and honesty of partners. This obviously is no longer an acceptable nor effective way of understanding the cyber defensive capability of healthcare supply chains. Using the latest technology such as AI to gain a near, real-time view of where vulnerabilities lie within their supply chains, gives healthcare organisations the opportunity to urgently speak to partners and close vulnerabilities before cyber criminals are able to take advantage of them.

Whilst the report’s headlines will be focused on the ever-increasing cost of a data breach for most companies and particularly the healthcare sector, there are, as has been discussed, some positives. The impact that implementing AI solutions helps to cut the cost and amount of time to identify and deal with a breach and healthcare organisations need to start looking at such approaches if they have not already.

Cyber criminals are not going away and are only going to be increasing the number and level of sophistication of their attacks. Healthcare organisations must address the weak points of their defences, whether that be employees or vulnerabilities within their supply chain, or be prepared to pay a huge cost and loss of critical frontline services.