20 Healthcare Cybersecurity Stats, Facts, and Figures to Know

Medicus IT

By Medicus IT

20 healthcare cybersecurity statistics to know

Cyberattacks are one of the most noteworthy threats facing healthcare organizations today. As the federal government states, "From small, independent practitioners to large, integrated health systems, cyberattacks on healthcare records, IT systems, and medical devices have infected even the most protected systems." 

The fallout from a successful cyberattack can be significant, with the government further noting, "Recent highly publicized ransomware attacks on hospitals, for example, necessitated diverting patients to other hospitals and led to an inability to access patient records to continue care delivery. Such cyberattacks can also expose sensitive patient information and lead to substantial financial costs to regain control of hospital systems and patient data."

The healthcare cybersecurity and general cybersecurity statistics, facts, and figures provided below further demonstrate the threat and challenge of cybersecurity for healthcare organizations today — and the importance of establishing and maintaining a strong data security posture.

Note: We'll be adding new statistics to this resource, so bookmark the page and check back regularly.

1. Total malware

There are more than 1.3 billion malware programs — and rising. (AV-Test Institute)

2. New pieces of malware detected

More than 450,000 new malware and potentially unwanted applications are detected daily. (AV-Test Institute)

3. Healthcare as the top target

Healthcare is expected to suffer 2-3 time more cyberattacks in 2021 than the average amount for other industries. (Cybersecurity Ventures)

4. Attempted attacks

There were nearly 240 million attempted attacks targeting healthcare in 2020 alone. (VMware Carbon Black)

5. Time to identify and contain a data breach

The average time it takes to identify and contain a data breach is 287 days. That's 212 days to detect the breach and 75 days to contain it. (IBM)

6. Time to recover from a breach

In 2020, the average healthcare firm took about 236 days to recover from a breach. (Bitglass)

7. Cost of healthcare data breach

Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021 — a nearly 30% increase. (IBM)

8. Cost per breached record

The average cost per breached healthcare record reached nearly $500 in 2020. (Bitglass)

9. Value of stolen medical record

Stolen medical records sell for as much as $1,000 each on the dark web. That’s 200x the value of a credit or debit card with a CVV number. (Experian)

10. Number of reported data breaches

More large healthcare data breaches were reported in 2020 than in any other year; 2021 is on pace to top 2020. (HIPAA Journal, Office of Civil Rights)

11. Attacks on small businesses

46% of data breaches in 2020 were in small businesses. (Verizon)

12. Small business preparedness

Only 28% of small businesses have a plan to respond to cyberattack. (CNBC)

13. Frequency of ransomware attacks

A ransomware attack will occur every 11 seconds in 2021. (Cybersecurity Ventures)

14. Success of ransomware attacks

73% of ransomware attacks were successful in 2020. (Sophos)

15. Downtime after ransomware attack

The average downtime a company experiences after an attack is 21 days. (Coveware)

16. Security vulnerabilities

More security vulnerabilities were disclosed in 2020 (18,000+) than in any other year to date. (Redscan)

17. Cause of data breach incidents

88% of data breach incidents are caused by employees' mistakes. (Tessian)

18. Zero-days exploited

24 zero-day exploits — a security flaw initially only known to cybercriminals — were taken advantage of by cybercriminals in 2020. (Google)

19. Investment in cybersecurity

Researchers found that the average healthcare organization spends about 5% of its IT budget on cybersecurity. The rest goes to the adoption of new technologies. (Journal of Medical Systems)

20. Cost to the healthcare industry

Data breaches are costing the healthcare industry $6.2 billion each year. (HIPAA Journal)

Sources (in alphabetical order):

Medicus IT Cybersecurity CTA