IBM data breach report, security breaches in healthcare

GOA & IBM Data Breach Report Reveal Alarming Security Breaches in Healthcare


August 31, 2022 | Reading Time: 2 Minutes

Please support’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker. How

Politico’s recent investigation revealed a record number of cyber security breaches in healthcare, exposing the protected health information of an estimated 50 million people. Healthcare data is highly sought after. Sold on the dark web, healthcare data is used for false identification documents and to make false Medicare claims, amongst other things.

Financial Damages Highest for Security Breaches in Healthcare 

Security breaches in healthcare are increasing, and so are the costs. The 2022 IBM Data Breach Report shows that financial damages resulting from security breaches have been the highest in the healthcare industry for 12 consecutive years. Detailing data breaches from March 2021 to March 2022. The IBM Data Breach Report concludes that, on average, security breaches in healthcare cost $10.1 million. It also found that companies that invested in Artificial Intelligence (AI) and other automated security technology reported lower average security breach costs. Many companies have realized the enormous benefits and cost savings available to those who deploy automated and AI cyber-defenses. Automation and AI also sped up the detection and containment of the breach by an average of 74 days. 

Insurers Don’t Offer Full Protection Against Financial Losses

Though many companies insure themselves against business interruption costs due to security breaches in healthcare, the Government Accountability Office (GAO) reported that insurers limit their exposure to cyberattack losses. For example:

  • Scripps Health suffered a massive cybersecurity attack in May 2021. It cost $133 million, mostly in lost business. However, their insurers only covered $35 million of the cost, as described in their quarterly financial reports.    
  • The medical faculty at the University of Vermont lost $54 million in a cyber-attack in October 2020. Their insurers reimbursed $30 million. 
  • The 2020 Universal Health ransomware attack closed 250 hospitals across the country and cost the company $67 million in lost revenue. Universal Health’s insurance covered $30 million, under half of the actual financial losses. 

Government To Intervene to Reduce the Risk of Security Breaches in Healthcare

The GOA report suggested that there may be a need for government insurance options. This need is echoed by healthcare executives who have called for more government support to defend critical infrastructure from cyber-attacks. 

The Healthcare Cybersecurity Act, a bipartisan bill, was introduced to the Senate in March. It aims to guide the Cybersecurity and Infrastructure Security Agency (CISA) to work with the Department of Health and Human Services to Prepare healthcare and public health organizations to understand and defend themselves from cyber-attacks. 

The IBM Data Breach Report Highlights Cyber-Security Investment Needs

The IBM Data Breach Report again underlines the growing urgency for healthcare executives to increase vigilance and automate cyber-defense mechanisms. Unless they do, they will expose their organizations to financial loss and the client healthcare data to privacy breaches.

HIPAA Compliant Social Media for Professionals

Tips and tricks for using social media to grow your practice without violating legal requirements.

Disclaimer: offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. Some of’s blog content is generated with the assistance of ChatGPT. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to Privacy Policy and Terms and Conditions.

Please share your thoughts in the comment box below.

Notify of
Inline Feedbacks
View all comments

Register for Free

Receive Any of Our 57 FREE Newsletters!


Most Popular Blog Topics

You May Also Like…

ChatGPT HIPAA Considerations
ChatGPT HIPAA Considerations

ChatGPT HIPAA compliance is one of the hottest topics at 2023 conferences and with good reason. AI...