The cost of healthcare data breaches continues to be the highest of any industry, at an average of $380 per record, according to a recent report from the Ponemon Institute. Across all industries, the average cost of each lost or stolen record containing sensitive and confidential information decreased from $158 in 2016 to $141.
That means a healthcare data breach costs more than 2.5 times the global average across all industries. The global average total cost of a data breach is down 10% from the previous year, to $3.62 million. In the United States, however, the average cost of each lost or stolen record containing sensitive and confidential information, across all industries, increased from $221 to $225, and the average total cost to an organization over the past year rose from $7.01 million to $7.35 million.
Companies are also experiencing larger breaches: globally, the average size of a data breach increased 1.8% to more than 24,000 records, the report says.
Breach costs in the United States are higher than in Europe, where costs declined 26% year over year. The report attributes the difference to Europe's more centralized regulatory environment; organizations in the United States must adhere to federal regulations as well as the regulations of individual states.
The report says the rise in U.S. breach costs can also be explained by HIPAA compliance violations and by companies rushing to notify customers. Issuing breach notifications alone costs an average of $690,000 in the United States, which the report notes is twice the figure for any other country. The cost climbs further when a third party such as a business associate is involved in the breach, adding an average of $17 per record.
For the United States, Ponemon identified several factors that influence the per-record cost of a data breach, among them compliance failures, extensive use of mobile platforms, the appointment of a chief privacy officer (CPO), and the use of security analytics. The use of security analytics reduced the per capita cost of a data breach by $7.70, and the appointment of a CPO reduced it by $4.30.
“However, the extensive use of mobile platforms at the time of the breach increased the cost by $6.50, and compliance failures increased the per capita cost by $19.30,” the report says. “Having an incident response plan and team in place, extensive use of encryption, employee training, BCM [business continuity management] involvement, and extensive use of data loss prevention technologies all reduce the cost of data breach by more than $9 per compromised record.”
Third-party error, compliance failure, extensive migration to the cloud, a rush to notify, and lost or stolen devices each increased the cost of a data breach by more than $10 per compromised record, Ponemon reports.
“To illustrate, a fully functional incident response team decreased the per capita cost of data breach from $225 to $199,” the report says. “In contrast, third-party involvement in the breach incident increased the per capita cost from $225 to $249.”
The full report is available online at: https://ibm.co/2rLVOKR.