
Health Care Remains a Top Target for Hackers

The recently released 2023 IBM Security Cost of a Data Breach Report highlights that cyberattacks against the Health Care Sector continue to increase, and that the sector leads the list of most expensive remediations for the 13th year in a row. Since 2020, the cost of remediation after an attack on health care data has increased a staggering 53.3 percent, with an average cost of $10.93 million. That is more than double the cost in all sectors but one, the Financial Sector, which decreased from last year while health care increased. See the figure below from the report. Health care accounts for only one percent of the attacks but remains the costliest. These costs continue to have a great impact on the Health Care Sector: a hospital in Illinois closed in June 2023 after suffering a cyberattack. However, these events need not happen.

Chart: Cost of a data breach by industry

Mitigation Strategies

In response to this threat, all organizations should consider the following mitigation steps:

  1. Switch to biometric or two-factor access for all systems and access to data.

  2. Review internal policies and service level agreements with cloud storage providers for security responsibilities, encryption of data, and HIPAA compliance.

  3. Run rigorous tabletop exercises that stress the existing policies and procedures for when an attack occurs, to identify areas needing attention and action.

Baker Donelson can assist in reviewing your data mapping and protection considerations, creation of security programming, disaster recovery and incident response, and further ensuring that your policies and procedures reflect the correct operating stance to protect your information and devices, as well as implementation. For any questions about how a cyberattack might affect your business or your clients, or how you can better prepare for these types of threats, please contact Dr. Michael Klipstein, CISM, CISSP, or any member of the Baker Donelson Data Protection, Privacy, and Cybersecurity Team.
