The average cost of a breach is now $7 million. In the first 60 days of 2023, 5.5 million patients had their private health information involved in a cyberattack.
What’s the “moment of regret” for a healthcare system right after it has suffered a cyber breach? All too often, it’s when the victimized executives realize a painful, unavoidable truth: preventing the attack would have been much easier than responding to the breach.
Breach liability reduction defines today’s healthcare cyber landscape. After all, patients’ personal health information presents an ever-juicier target for cyber criminals. Hackers now perform a “double-data shakedown” when they steal electronic PHI – they first extort the health system to regain access to the (now-locked) data, and then they force the system to pay them (again) not to release the data publicly.
This two-tiered extortion scheme underscores the failing ROI of healthcare cybersecurity over the past several years. From 2020 to 2025, healthcare will spend $125 billion to defend against breaches. Despite this aggressive investment, ransomware and other cyberattacks keep getting worse and more expensive for health systems to endure.