It takes healthcare organizations 55 days to detect a breach, survey finds

Jessica Kim Cohen -

Although healthcare organizations tend to identify breaches more quickly than companies in other industries, they take longer to contain the attack, according to a recent survey sponsored by IBM.

IBM tapped the independent research firm Ponemon Institute to conduct the survey of nearly 500 companies for a report on data breach costs. The survey included 2,634 employees from 477 companies across 17 industries worldwide, all of which had experienced a data breach that compromised at least 2,500 records.

Here are five insights into data breach cost and recovery:

1. The industries with the largest proportion of data breaches in IBM's survey were financial services (16 percent), services (15 percent), industrial and manufacturing (14 percent), and technology (13 percent). Healthcare organizations comprised just 1 percent of data breaches.

2. The average amount of time it took organizations in the sample to identify a data breach was 197 days. In healthcare, organizations took an average of 55 days to identify a data breach.

3. The average amount of time it took organizations in the sample to contain a data breach was 69 days. In healthcare, organizations took an average of 1,037 days to contain a data breach.

4. Across all organizations, the average cost per breach incident was $3.86 million in fiscal year 2018. Major drivers of this number included costs associated with lost business ($1.45 million), detection and escalation ($1.23 million), ex-post response ($1.02 million) and notification ($160,000).

5. The average cost per compromised record at the surveyed organizations was $148 in fiscal year 2018, up from $141 in 2017 but down from $158 in 2016.

To download IBM's survey, click here.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.