You need an effective incident response plan – one that’s robust, fully tested, and enables a fast reaction from your organization. However, without the right expertise and resources, creating one can be confusing, challenging, or nearly impossible.
If you’re struggling, you’re not alone. The industry average time to identify and contain a breach is 257 days. Given the healthcare industry’s requirements to respond to our clients and patients in a much shorter period of time, we need to do better. (The HIPAA Breach Notification Rule gives guidance that most notifications must be provided without unreasonable delay and no later than 60 days following the discovery of a breach.)
IBM and the Ponemon Institute’s 2017 global study uncovered some key findings that will help you better understand the current threat from data breaches and the costs to you. You will also gain some important considerations as you maintain your own incident response plan.
The U.S. – and the healthcare industry – are making history
- The U.S. leads the pack on breaches: The cost of a data breach in the U.S. was $7.35 million, a 5% increase compared to last year. When compared to other regions, U.S. organizations experienced the most expensive data breaches in the 2017 report.
- Healthcare tops the list. For the seventh year in a row, healthcare distinguished itself as the most expensive industry for data breaches. These breaches cost organizations $380 per record, more than 2.5 times the global average overall cost of $141 per record.
Cutting the costs of a breach
- Your secret weapon? A strong Incident Response (IR) Team. IR teams, along with a formal incident response plan, can help you significantly reduce the cost of a data breach. These resources can also help you better navigate the complicated aspects of containing a data breach to lessen further losses.
- Your costs skyrocket the longer it takes you to contain a breach. If you contain the breach in fewer than 30 days, you save nearly $1 million on average, compared to organizations that took more than 30 days.
On average, organizations took more than six months to identify a breach, and more than 66 additional days to contain a breach once discovered!
What causes most data breaches?
- Criminal attacks are a big threat. Close to half of all data breaches (47%) were caused by malicious or criminal attacks, resulting in an average of $156 per record to resolve.
- Third-party threats top the list. The top contributing factor leading to an increase in the cost of a data breach was third-party involvement in the breach. Such breaches increased the cost by $17 per record.
- Pay serious attention to your providers’ and partners’ security. Assess your third-party providers’ security to help ensure the security of your employee and patient data.
- There are three ways to reduce a data breach’s financial impact. Incident response, encryption, and education have the most impact on reducing the cost of a data breach. Having an incident response team in place resulted in a $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.5 reduction per record).
Ready to learn more?
- For more information about what data breaches are really costing you, visit: https://www.ibm.com/security/data-breach/
- Read the five steps to accelerate your incident response here.
- If you have any questions about keeping your organization safe from cyberattacks, please reach out.