Healthcare and Cybersecurity: 35 Key Statistics and Facts You Should Know

Like technology, cybersecurity is always in flux. Healthcare organizations have to keep up with the latest threats while also ensuring compliance, and that means your healthcare cybersecurity should evolve over time, too.

Unfortunately, we’ve seen a dramatic uptick in the volume of cyber attacks as well as the cost of recovering from a data breach in healthcare. In an industry where lives are quite literally on the line, a single breach can not only bring your business to a halt, but it can create tangible harm to your patients.

It’s never been more important for healthcare providers, pharmaceutical companies, and their business associates to invest in proper healthcare cybersecurity. Learn about the current state of healthcare cybersecurity with these 35 key statistics.

Attacks against Healthcare Organizations are on the Rise

  1. 66% of healthcare organizations say they experienced a ransomware attack in 2021, an increase from 34% in 2020.
  2. There was an 84% increase in healthcare breaches from 2018 to 2021.
  3. 50 million Americans had their PHI exposed in healthcare data breaches in 2021 — that’s a 3X increase over 2018 figures.
  4. In healthcare alone, there were 14 million victims of data breaches in 2018, which increased to 44.9 million victims in 2021.
  5. 89% of healthcare organizations reported an average of 43 cyber attacks per year, which is nearly one a week.
  6. Medical clinics are now the number-one target for ransomware attacks in the United States.
  7. Healthcare saw a 69% year-over-year increase in the volume of cyber attacks from 2020 to 2021. This was the highest increase in attacks on any industry in the U.S.
  8. The pandemic led to a surge in cyber attacks. Healthcare providers saw a staggering 42% increase in data breaches in 2020.
  9. Today, the average healthcare breach exposes 3.32 million records.
  10. The largest healthcare data breach in the United States occurred in 2015, impacting a health insurance company and exposing over 78.8 million patient records.

Spending on Healthcare Cybersecurity vs. Data Breach Costs

  1. 91% of hacks have a financial motive.
  2. The average cost of remediating a single ransomware incident is $1.27 million.
  3. Healthcare providers paid ransoms 61% of the time in 2021.
  4. The average cost of a healthcare data breach increased to $9.23 million in 2021, which was a $2 million increase from 2020.
  5. Healthcare data breaches can cost as much as $408 per record — which is the highest cost of any industry.
  6. The healthcare industry will spend as much as $125 billion on cybersecurity from 2020 to 2025.
  7. Globally, healthcare cybersecurity spending will increase. Organizations spent $8 trillion in 2013, but they’re expected to spend $18 trillion or more every year by 2040.

Cyber Attacks: Damage by the Numbers

  1. 20% of hospitals that experienced a cyber attack reported an increase in patient mortality. Of that 20%, 57% reported poorer patient outcomes and 50% reported an increase in medical complications as a result of the cyber attack.
  2. Ransomware is the most disruptive type of attack, leading to the most operational delays.
  3. 90% of healthcare organizations reported a loss in revenue after a cyber attack.
  4. 48% of healthcare IT executives for small to mid-size hospitals report that their organization had to suspend operations in the last six months because of a cyber attack.
  5. On average, cyber attacks take healthcare organizations offline for six hours, with smaller hospitals commonly being offline for 9 hours or more.
  6. The cost of a cyber attack ranges from $21,500 per hour to as much as $45,700 per hour.
  7. 81% of healthcare organizations report experiencing an increase in phishing attacks since March 2020, which makes phishing the most common type of cyber attack likely to result in a data breach.
  8. Phishing attacks against healthcare organizations increased by 220% during the COVID-19 pandemic.
  9. Up to 50% of all Internet of Things (IoT) devices in hospitals are vulnerable to attacks.
  10. 95% of identity theft happens because of stolen healthcare records.

How Healthcare Providers Currently Manage Cybersecurity

  1. 64% of healthcare organizations report feeling at risk of business email compromise and spoofing phishing attacks, yet just 48% of those organizations have a documented plan in place to address this threat.
  2. 34% of healthcare breaches happen because of unauthorized access.
  3. 61% of breaches happen because of employee negligence.
  4. 64% of organizations are concerned about device security.
  5. 63% of healthcare businesses conduct regular employee cybersecurity training.
  6. 71% of healthcare organizations report that they’re vulnerable to supply chain attacks, but only 44% have a documented response plan to address supply chain cybersecurity risk.
  7. Healthcare providers spend an average of 5% of their annual budget on cybersecurity. For comparison, the U.S. government spends 16% of its budget on cybersecurity.
  8. Only 22% of IT managers in the healthcare industry feel that their organization provides adequate funding for cybersecurity.

Leverage Situational ePHI Awareness to Improve Healthcare Cybersecurity

Cyber attacks are only going to become more expensive and more common in healthcare, and the time to invest in smarter healthcare cybersecurity is now. Instead of falling prey to ransomware, phishing, or hacking, your organization can follow cybersecurity best practices now to stay ahead of the criminals.

You can’t adequately protect ePHI if you don’t know where it’s stored, who accessed it, and how it’s used and shared both within and outside your organization. That’s where Tausight’s Situational ePHI Awareness solution comes in, providing a consolidated, real-time view into structured and unstructured ePHI across the healthcare continuum. Tausight detects, tracks, and analyzes PHI activity and risk so you can take a more proactive stance against cyber risks. Contact us today to learn how Tausight can provide your organization with situational ePHI awareness to help you bolster your healthcare cybersecurity posture.

David Ting

Founder and CTO, Tausight
