Tech

Healthcare data attacks are more expensive than in any other industry

Smaller hospitals were hit the hardest by the Change cyberattack.
Francis Scialabba

Navigate the healthcare industry

Healthcare Brew covers pharmaceutical developments, health startups, the latest tech, and how it impacts hospitals and providers to keep administrators and providers informed.

Cyberattacks are causing issues across all sorts of industries, from Microsoft to AT&T to Ascension. But it looks like the healthcare industry is getting hit the hardest—financially, at least.

The 2024 Cost of a Data Breach Report from IBM and think tank Ponemon Institute found that the global average cost of a data breach rose 10% between March 2023 and February 2024, reaching a total average cost of $4.88 million in that period. Costs for disruptions to business processes and post-breach customer support and remediation were the largest drivers behind the increase.

However, of the 17 industries studied, healthcare had the most expensive data breaches, with an average cost of $9.77 million during that same period. In fact, healthcare has held the No. 1 spot for costliest breaches since 2011, according to the study.

For comparison, the next highest average cost was in finance, at $6.08 million.

Give me a breach break. Healthcare data breaches are becoming more common: The Department of Health and Human Services’s Office for Civil Rights (OCR) reported a 239% increase in “hacking-related data breaches” between January 2018 and September 2023, and it also reported a 278% increase in ransomware attacks over that time, according to the HIPAA Journal, which tracks the data.

In 2023, the OCR received 725 reports of data breaches, with more than 133 million patient records impacted.

OCR reportedly recorded more than 5,880 breaches between October 2009, when it began publishing cyberattack data, and the end of December 2023. According to the HIPAA Journal, the OCR only publishes details of data breaches that affect 500 or more records, meaning there are also smaller breaches.

As of August 14, there have been 387 breaches in 2024, the HIPAA Journal reported. A recent target for cyberattacks has been blood banks.

Hardest hit. There are also variations in how hard health systems are impacted by breaches.

Healthcare software developer Strata Decision Technology looked at Q2 in its Healthcare Performance Trends Report to study how the February Change Healthcare cyberattack affected the industry.

The analysis included more than 1,600 hospitals. For the smallest health systems, those with annual operating expenses under $500 million, there was a shortfall of 11.1% in estimated missing payments compared to total payments for Medicare inpatient services in February. Mid-sized health systems, in comparison, only saw a shortfall of 1.5%.

Large health systems—i.e., those with $1 billion to $2.5 billion in operating expenses—saw a shortfall of 4.3% in February, while the largest with more than $2.5 billion in operating expenses had a shortfall of 5.5%.

“Health systems nationwide felt the repercussions of missing and delayed payments throughout the first half of 2024, but many larger systems were able to narrow those gaps by the end of the second quarter,” Steve Wasson, chief data and intelligence officer at Strata Decision Technology, said in a press release last week.
