Articles

Why Healthcare Pays the Highest Price for Data Breaches

The U.S. data breaches are setting a new high at $10.22 million, an increase by 9.2%.

Jci Cheong

June 24, 2026

0 min read

The price of data breaches

IBM has been releasing data breach cost reports for the past 20 years. In its 2025 Cost of a Data Breach Report, healthcare data breaches are at an average of $7.42 million, the most expensive of all industries, and this has been the case for the last 14 years. Here are some numbers for comparison. The financial field breaches are at an average of $5.56 million while the industrial field breaches are at $5 million.

The time to identify and contain a data breach globally is 241 days in 2025. However, healthcare data breaches have taken an average of 279 days, 5 weeks longer than the global average to do the same.

Why healthcare?

Why is the healthcare industry taking the biggest hit? Let’s think of it this way. If personal identification information (PII) is a high-value currency for cybercrime, healthcare providers are gold mines for identity theft, insurance fraud and other financial crimes.  

With the growing use of AI outpacing governance, IBM reported that the majority of organizations did not have AI governance policies to manage the risk of AI, which brings us to this next reason.  

AI models and applications in the healthcare industry are becoming an emerging attack surface for cybercrime, especially in the case of shadow AI, the unauthorized use of AI tools, applications, or services within an organization without IT or security department approval.

Effects of data breaches

Operational disruption is synonymous with data breaches. It takes about 100 days for breached healthcare companies to recover from a data breach. Usually, the cost of a data breach is absorbed by the affected companies, but this is changing soon. Almost half of the organizations that participated in the study claimed that they would raise the price of goods and services while a third of them are planning to increase costs by 15% to cover the damage.  

Let’s break the data breach costs down to its’ components:

Components in breach costs What it is about Cost ($ million)
Detection and escalation Cost of finding the breach, figuring out how bad it is, and getting the right teams involved (IT, security, legal, management) 1.47
Lost business Money the company loses because customers leave, trust drops, or operations are disrupted after a breach. 1.38
Post-breach response Fixing systems, notifying customers, offering credit monitoring, legal work, and compliance efforts 1.20

What can you do as a healthcare business owner?

First, let’s utilize the free resources out there to educate ourselves. What better ways to learn if not from the subject matter experts? There are ample resources that caters to small and medium businesses that can help you discover the latest trends in the ransomware landscape, the value of data as a currency in the cybercriminal underworld, how attackers are sharpening their social engineering tactics, and much more.  

Did you know that you can access CrowdStrike White Paper, a free guide from an American cybersecurity company that provides insights into endpoint security, threat intelligence, and cyberattack response services? You could also download their yearly Global Threat Report to understand a broader aspect of cyberthreats.

Start assessing your business’ Incident Response Plans. Understand what attack vectors or social engineering threats are most prominent of late. Determine the steps needed to strengthen your readiness for future data breaches.  

Besides those, you can also safeguard your business’ financial data with the right tools. You are protected against hackers using a multi-layered security approach with Sage Intacct.  

With a security rating of 887 out of 950 (Upguard), Sage Intacct has industry standard 256-bit encryption to secure data at rest, Transport Layer Security (TLS) to encrypt data in transit over networks, regular third-party penetration testing and quarterly software updates with current security patches.  

The software has seamless integration with EMRCONNECT to enhance your financial data and manage patient data with HIPAA-compliant tools. Utilizing Sage Intacct to shield your business’ financial data from data breaches is an actionable intervention for you. Armed with the right information and tools, you’ll be better equipped to defend your organization.

In summary:

  • Healthcare data breaches are at an average of $7.42 million, which is the costliest compared to all the other industries.
  • Healthcare is targeted by cybercriminals for its wealth of personally identifiable information (PII).
  • Data breaches cause operational disruption, and recovery would cost about 3 million. Organizations are planning to get consumers to absorb data-breach costs instead.
  • Organizations adopt different interventions and approaches to reduce the frequency of future data breaches and costs.

​​References

​​Alder, S. (2025, July 30). Average Cost of a Healthcare Data Breach Falls to $7.42 Million. Retrieved from The HIPAA Journal: https://www.hipaajournal.com/average-cost-of-a-healthcare-data-breach-2025/

​IBM. (2025). Cost of a Data Breach Report 2025. New York: IBM Security.

​Lutton, L. (2025, July 31). Healthcare Data Breach Costs $7.42 Million, AI Vulnerabilities. Retrieved from Managed Healthcare Executive: https://www.managedhealthcareexecutive.com/view/healthcare-data-breach-costs-7-42-million-ai-vulnerabilities​

The path to streamlined, secure accounting processes is only a click away.

Explore how BTerrell’s team of experts, along with Sage Intacct and our range of customizable products, can enhance your accounting processes and unlock growth.

Book A Demo