Despite the risk of tremendous loss in a breach, healthcare providers (HCPs) are slow to build strong cybersecurity defenses around their business.
According to one report, some NHS trusts have spent as little as £250 on cybersecurity in the last year. The NHS is a “star” victim of the WannaCry ransomware outbreak, meaning the UK’s public health service provider should be among the first to pour its heart and soul into cyber defense. But studies show that the NHS, like the healthcare sector in general, suffers from a huge gap when it comes to recruiting and retaining cybersecurity talent.
Data breaches are costly for HCPs
For the eighth year in a row, healthcare organizations have incurred higher costs from data breaches than organizations in any other sector, at an average of $408 per lost or stolen record. Costs associated with data breaches in healthcare are nearly three times those of other industries.
As Ponemon Institute shows in a recent study, certain industries are more vulnerable to churn when customers can easily take their business to a competitor. In highly regulated industries such as healthcare, customers typically have high expectations for protection of their data.
Healthcare has the highest “abnormal” churn rate of all industries at 6.7%, followed by finance (6.1%), pharmaceuticals (5.5%), services (5.2%), technology (4.6%), industrial (3.1%), energy (3.0%), communication (2.9%), and education (2.7%).
“When these organizations have a data breach, customers’ trust will decline and they will try to find a substitute. In contrast, the public sector, which has the lowest churn, has no competitor and customers have no other options,” Ponemon researchers said.
Healthcare organizations are also among the slowest to contain a breach, at 103 days. Failure to rapidly identify a data breach leads to higher costs. In 2017, the average total cost was $2.80 million when a breach was identified in less than 100 days, and $3.83 million when it took longer.
64% more money goes to advertising following a breach
Sung J. Choi, PhD, and M. Eric Johnson, PhD, conducted a study to estimate the relationship between data breaches and hospital advertising expenditures.
The Healthcare Cost Report Information System provided data on hospital characteristics and financial variables, according to the American Journal of Managed Care. Study groups were matched using observable characteristics, such as revenue, number of beds, discharges, ownership, and teaching status. According to their findings, a hospital data breach was associated with a 64% increase in annual advertising expenditure, and significantly higher advertising spending in the 2 years after the breach.
Breached hospitals were more likely to be large, teaching, and urban hospitals relative to the control group.
“Efforts to repair the hospital’s image and minimize patient loss to competitors are potential drivers of the increased spending. Advertising costs subsequent to a breach are another cost to the healthcare system that could be avoided with better data security,” the researchers concluded.