Hospitals spend more after a data breach, but there is a fix

Two recently published reports discuss the high costs that organizations can incur from healthcare data breaches. The Department of Health and Human Services estimates that it takes a breached healthcare organization a full year to recover. From fines and lawsuits to rebuilding the hospital’s reputation, recovery takes hours of work at a high cost. Both studies, however, found that there is a way to mitigate these costs and resolve the issue before it starts: better data security and privacy controls.

The cost of a healthcare data breach

In 2018, the Ponemon Institute published a report analyzing the costs of data breaches that occurred over the 12 months preceding the report. The Institute discovered three things:

  1. Faster identification of a data breach reduced costs
  2. Hackers and criminal insiders caused the most data breaches (48%)
  3. The loss of customers had significant financial consequences on the organization

Moreover, organizations can lose customers after data breaches, which hurts their bottom line. The average cost to organizations that lost less than one percent of their customers was $2.8 million; however, the average cost increased to $6 million if the organization lost four percent or more of its customers due to a data breach. The average organizational cost for a data breach in the United States was $7.91 million. The healthcare industry had the highest rate of customer churn (6.7%) associated with a data breach, while the average customer churn rate associated with a breach was 3.4%.

Consequences of data breaches in healthcare

The cost of remediating a data breach is also high, with the U.S. having the highest notification costs associated with breaches at $740,000. Heavily regulated industries such as healthcare have the highest costs associated with data breaches. The per capita cost for each record breached in the healthcare sector was $408. The healthcare sector also had the highest average time to contain a data breach, at 100 days, and the second-highest average time to identify a breach, at 255 days.

Part of the cost of a healthcare data breach is marketing and advertising. A recent report from the American Journal of Managed Care found that hospitals spend 64% more annually on advertising after a data breach over the following two years. This increase is due to the cost that comes with repairing the hospital’s image and trying to minimize patient loss to competitors.

A common theme from both reports is that the deployment of additional and more advanced security controls can mitigate breach costs. The Ponemon Institute stated that the “deployment of an artificial intelligence platform as part of a security automation solution” influenced the cost of a data breach. The Institute found that “deployment of an AI platform saved $8 per compromised record.” Similarly, the American Journal of Managed Care researchers wrote that “advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security.”

The Ponemon Institute also found that the faster a breach is identified, the lower its cost. Companies that identified a breach in less than 100 days saved more than $1 million when compared to companies that took over 100 days. The best way to mitigate the costs of a data breach is by having the proper policies and solutions in place to identify a data breach early. Quick identification could result in millions of dollars being saved as a hospital works to rebuild its business and image following a breach.