Tuesday February 21, 2023

2022 Cost of a Data Breach Report: What You Need to Know

The IBM Security and Ponemon Institute recently released the results of their 2022 Cost of a Data Breach Report. In the report, IBM synthesizes data from over 3,600 interviews with organizations that were affected by data leakage. The report also takes a broader look at some of the factors contributing to increased costs associated with these incidents, and how compromised supply chains and gaps in security expertise are compounding the problem.

To ensure a patient's vital information remains secure, and to avoid the high costs of an EHR breach, hospitals need to be proactive. We’ve broken down IBM’s analysis and isolated some key findings that we think matter most to our partners:

The Cost of a Data Breach Is at an All-time High

At an average cost of $4.35 million, the financial impact of compromised information systems has reached dizzying new heights. It’s important to note that this number is averaged across 17 countries, and that in the United States the cost is estimated at a blistering $9.4 million.

When we isolate healthcare from other industries, the picture becomes even more grim. Despite being highly regulated and considered critical infrastructure by the US Government, healthcare was again the number one target for cyber attacks, and incurred the most cost from subsequent data breaches, with an average price tag of approximately $10 million.

Detection and Escalation Are Becoming Expensive

According to IBM, for the first time in six years, lost business wasn’t the largest cost of a data breach. In fact, lost business costs have decreased by about 10.7 percent from a $1.59 million high in 2021.

However, responding to a leak is now costlier than ever, making up the largest share of data breach costs in 2022. These expenditures include various activities that allow a company to detect when a hacker has bypassed their security. These activities typically involve forensic and investigative procedures, assessment and audit services, crisis management, and coordination with leadership.

While a full-time CISO may be too costly for many small businesses, vCISO services give health systems access to the expertise, experience, and knowledge required to strengthen and secure their care environment while keeping costs low.

Healthcare Is Experiencing “Longtail” Costs From Data Breaches

IBM's research also indicated that data breaches in highly regulated industries, such as healthcare, finance, energy, pharmaceuticals, and education, often result in longer-term costs that accumulate over time.

These long-term costs may include legal settlements, fines or penalties, lost business opportunities, and other indirect costs that can persist long after the incident.

A pronounced difference between low and high regulatory environments was observed about two years or more after the data breach. For highly regulated industries like healthcare, 28 percent of the data breach costs were incurred more than two years after the incident. In comparison, 12 percent of costs were incurred more than two years after a breach in low regulatory environments.

MEDTEAM Information Security Services

MEDTEAM Information Security Services can help by providing seasoned security leaders with a background in safeguarding large, complex systems. Our expertise can help build a plan for your facility to reduce the risk of successful phishing, ransomware, compromised e-mail, or data exfiltration.

To learn more about how MEDHOST can help protect its customers from cyber threats and reduce their impact on operations, please reach out to us at or call 1.800.383.6278.