News That Matters

Cyberattacks are raising health care costs- POLITICO


The average cost of a data breach for a health care organization is more than $10 million, according to IBM’s annual Cost of Data Breach Report, which looked at the period from March 2021 to March 2022. That’s up 9.4 percent from the same timeframe a year earlier. Health care has had the highest breach-related damages for 12 consecutive years.

Last month, Ruth reported that chief information officers of health systems want help fighting off the hackers. Insurers won’t cover damages in some cases, and health systems complain they haven’t had enough support from government or law enforcement.

Across industries, a glaring 60 percent of organizations said they had to raise prices to cover the expense of a breach, and the regulatory compliance and legal costs can extend over years for those in health care.

According to the HHS Office of Civil Rights’ database, health care organizations have reported nearly twice as many breaches from January to mid-July as during the same period in 2021. And more than four in five organizations — not just those in health care — told IBM they’d experienced more than one successful attack.

High-tech defenses are helping. The IBM report says that organizations with security platforms that use artificial intelligence saw 55 percent lower breach costs than those without. Those with an active incident response team also spent less on the follow-up to a breach.

A June report from the Government Accountability Office, Congress’ watchdog arm, found that insurance companies are raising premiums for cybersecurity incidents and reducing how much they cover. Given the rising costs of cyberattacks and the decline in insurance coverage, the GAO suggested that the Treasury’s Federal Insurance Office and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency assess whether a government insurance option is needed. Per the report, both agencies say they lack the data needed to make that assessment.

President Joe Biden signed legislation in March as part of the fiscal 2022 appropriations bill that may provide CISA with some data. The bill, by Gary Peters (D-Mich.), chair of the Senate Homeland Security and Governmental Affairs Committee, sets a schedule for reporting cyberattacks and ransomware payments.

Welcome back to Future Pulse, where we explore the convergence of health care and technology. Pharma bad boy Martin Shkreli is back! His latest venture is a Web3 drug discovery platform called Druglike. What can decentralization and crypto do for the pharma industry, you ask? We have no idea! Please send us your wrong answers only.

Share your news, tips and feedback with Ben at [email protected] or Ruth at [email protected] and follow us on Twitter for the latest @_BenLeonard_ and @RuthReader. Send tips securely through SecureDrop, Signal, Telegram or WhatsApp here.