Rising Healthcare Data Breach Costs
The average cost of a healthcare data breach in the United States has reached approximately $9.77 million, according to a recent analysis by application security firm Indusface. This substantial figure is primarily driven by business disruption, legal claims, and customer turnover.
Texas and California are at the forefront of both the number of incidents and individuals affected. Since 2023, Texas has recorded 66 healthcare data breaches, the highest of any state, impacting over 14.3 million individuals. California follows with 45 breaches, affecting more than 9.2 million people. New York reported 61 breaches, resulting in 8.6 million individuals being impacted.
Notable Incidents
One of the most significant breaches occurred at Blue Shield of California, where member data was shared with Google for advertising purposes from April 2021 to January 2024. This incident affected an estimated 4.7 million individuals, with the data shared including information such as plan type, location, gender, and family size.
Indusface identified 46 large-scale healthcare data breaches, each impacting more than 500,000 individuals, over the past 24 months. Other significant incidents include:
- Concentra Health Services in Texas, where nearly 4 million individuals were affected
- Enzo Clinical Labs in New York, where 2.47 million individuals were impacted due to inadequate data security measures
- Florida Health Sciences Center, where more than 2.4 million people were affected
Expert Insights
Venky Sundar, founder and president of Indusface, highlighted that healthcare organizations face increased risk due to the volume of sensitive data and outdated technology infrastructure. “The healthcare sector is vulnerable to these breaches due to both the vast amount of sensitive patient data, which is often sold to third parties for a high price, and weak/outdated software and systems,” Sundar explained.
Sundar referenced the latest Verizon Data Breach Investigations Report, which found that vulnerability exploits have overtaken phishing as the leading cause of data breaches. He emphasized the importance of utilizing tools like web application scanners and cloud-based Web Application Firewalls (WAFs) to detect and mitigate vulnerabilities in real-time.
To minimize the risk of patient data being exposed, Sundar recommends implementing rigid security systems, careful monitoring, and proper protection. As the digital landscape continues to evolve, staying on top of potential network threats is crucial for maintaining the security of sensitive healthcare data.
