What is the cost of cybersecurity in healthcare?
The cost of cybersecurity in healthcare varies significantly based on the technology needed in the organization, the amount of data the organization handles, the number of employees, amongst many other factors.
According to the IBM Cost of a Data Breach Report published 2021, the average cost of a data breach in healthcare is around $9,23 million, making it the industry where data breaches are the most expensive. How can it be explained?
The cost of a breach
When considering the cost of cybersecurity, healthcare organizations must take into account the cost of a cybersecurity breach or loss of data. Legal costs from HIPAA, GDPR and other regulatory bodies are just part of the overall cost to the healthcare company. In addition to financial costs there is the potential threat to patients, and the reputation cost that a business can face.
The fact that healthcare providers and payers hold very sensitive and personal information from patients, like personally identifiable information (PII), make them attractive targets for hackers that will deploy more resources for a cyberattack to be successful, then costly.
The first direct costs of a data breach include the detection and recovery from the breach itself. Security teams will need to be auditing and investigating the data breach and check what harms has been done and how to avoid such cases in the future. That is also why usually, the faster the healthcare organization can detect and respond to a cyberattack, the less expensive it would be to handle as it will not have the time to propagate too much.
In the case of ransomware attacks that happen more and more in the healthcare industry, organizations must also take into account the cost of the period where they had their processes shut down and could not operate efficiently.
Then, there is the post breach reaction costs: how do you go back to business and notify victims? For instance, do you have backup data that can be leveraged to recover quickly? Depending on the amount of data that was compromised, it can take weeks to be able to go back to normal.
In the US healthcare data is protected by HIPAA (Health Insurance Portability and Accountability Act). This is a set of laws and regulations that control the standards for protecting patient data. Healthcare organizations must comply with the HIPAA laws and prove compliance. If healthcare organizations are not compliant with HIPAA laws, they can face substantial fines. These fines can range from thousands to millions of dollars. Excellus Health Plan was charged 5.1 million dollars in 2021 for multiple HIPAA violations including, risk analysis and a breach of 9,358,891 records.
In addition to the cost of HIPAA in the US there are other regulations such as GDPR in the EU. This is very similar to HIPAA; it requires all entities that handle healthcare data from EU citizens to comply with a set of laws and regulations. These regulations are in place to protect patient data that can personally identify an individual. This data must not be shared with anyone except the patient and authorized healthcare providers. Organizations that are in breach of these laws can expect to face large fines up to £18 million or 4% of the company turnover, whichever is higher.
In addition to the financial costs of a cybersecurity breach companies face reputation costs. Reputations are hard to build, it can take years to gain a reputation as an expert in healthcare or pharmaceuticals. Patients put their trust in companies based on previous experience, reputation, reviews, and other factors. Patients trust healthcare providers with their lives, having a good reputation within the healthcare industry is essential to earn patient trust.
When a cybersecurity breach occurs, it is likely to be published in the media, especially if it is significant and impacts on patient data. Where patients have a choice over their healthcare provider, they are more likely to want to switch providers after hearing about a cybersecurity issue. 45% of Americans said they would be less likely to return to a healthcare provider if it was subject to a security breach.
Costing a cybersecurity solution
Once the breach has been identified, the organization needs to think of how to prevent it from happening again in the future. When it comes to costing out a cybersecurity solution an individualistic approach must be taken to review what is currently in place, what is required, and at what level. Our expert healthcare team can advise on every stage of the process. Once the required information is gathered on your individual needs our experts can give an indicative cost for the cybersecurity solution that best fits your business. Contact our healthcare team
Cybersecurity elements in healthcare
There is no one size fits all solution or cost when it comes to protecting sensitive patient data and minimizing the risk of a data breach or hack. There are many elements to cybersecurity in healthcare, each needing a bespoke approach based on the company’s systems and requirements.
Atos provides a portfolio of cybersecurity solutions for the healthcare industry from consulting to managed security services to provide end-to-end cybersecurity solutions. Read our cybersecurity whitepaper for more information on the solutions we can offer.
At Atos we can help every business within the healthcare industry to find the best possible cybersecurity solution tailored to their needs. Our cybersecurity experts have vast knowledge and experience at providing a tailored end-to-end solution. Find out more about our cybersecurity solutions for healthcare providers or get in touch with our healthcare team.
Healthcare data breaches: a look into Verizon’s 2021 Data Breach investigations report
How can healthcare organizations stay safe from the deadly ransomware attacks?
Cybersecurity Capability Assessment Services
Strategize and prioritize your next cybersecurity investments with a cybersecurity capability assessment.
Check which security technologies are worth the investment to improve your security posture.