Although data breaches in the healthcare industry cost less than they did last year, healthcare is still the most targeted industry for cybercriminals for the fourteenth consecutive year.
The average healthcare industry data security breach costs $7.42 million per incident, making it the most expensive industry for breaches for the fourteenth consecutive year, according to IBM’s 2025 Cost of a Data Breach Report.
In collaboration with IBM, researchers from the Ponemon Institute studied 600 organizations from 17 industries across 16 countries and regions impacted by data breaches between March 2024 and February 2025. The report was released yesterday.
For comparison, financial industry breaches, such as banking and investing, cost an average of $5.56 million per incident, and in the industrial industry, which includes chemical processing and engineering, breaches cost an average of $5 million.
In the United States, the average cost of a security breach rose 9% since last year, now sitting at $10.22 million, while globally, the average cost fell. This is likely due to higher regulatory fines and detection and escalation costs. Countries that saw the biggest declines in cost were Italy (-27%), Germany (-24%) and South Korea (-21.5%).
Healthcare breaches also took an average of 279 days to identify and contain, which is more than five times longer than the global average, the report says.
Cybercriminals are drawn in by the healthcare industry’s patient personal identification information, which can be used to commit identity theft, insurance fraud and other financial crimes.
The role of AI in security breaches is complicated, seeming to both contribute to attacks and lead to their detection, the report data shows.
For example, approximately 16% of attacks overall involved hackers using AI, often in the form of phishing or deepfake attacks. One in six attacks was also driven by AI, and 97% of organizations that reported an AI attack reported that they lacked proper AI controls. Specifically, 20% of those attacks were attributed to Shadow AI, or the employee use of AI without employer approval or oversight.
However, breach costs have gone down, especially in the healthcare industry. Last year, healthcare data breaches cost an average of $9.77 million per breach, compared with this year’s $7.42 million. Additionally, $1.9 million was saved this year across industries by using AI-powered security programs, shortening breach times by an average of 80 days.
Still, only 49% of organizations plan to increase investment in new security programs within the next year, the report says. This is a 22% decrease from last year.
To prevent future attacks, the report recommends that industries:
Get the latest industry news, event updates, and more from Managed healthcare Executive.
First-in-Class Therapy for Diabetic Retinopathy Shows Six-Month Benefit | ASRS 2025
July 31st 2025PER-001, delivered through a slow-release, dissolvable implant in the vitreous cavity of the eye, is designed to block endothelin signaling to increase ocular blood flow and prevent vision loss.
Read More
Conversations with Perry and Friends: Saar Mahna, J.D., MBA
July 31st 2025Perry Cohen, Pharm.D., a longtime member of the Managed Healthcare Executive editorial advisory board, is host of the "Conversations with Perry and Friends" podcast. In this episode, Cohen speaks with Saar Mahna, J.D., MBA, CEO and founder of Banjo Health, an artificial intelligence company focused on prior authorization.
Listen
Conversations With Perry and Friends: Paul Fronstin, Ph.D.
July 31st 2025Perry Cohen, Pharm.D., a longtime member of the Managed Healthcare Executive editorial advisory board, is host of the Conversations with Perry and Friends podcast. In this episode, his guest is Paul Fronstin, Ph.D., director of health benefits research at the Employee Benefit Research Institute.
Listen
A Conversation with Amanda Bogle, Healthcare Attorney at Sheppard Mullin
July 31st 2025Amanda Bogle, a healthcare attorney at Sheppard Mullin, discusses the evolving regulatory landscape for pharmacies, stressing the importance of external legal advice to navigate the complexities of 340B, PBM and Medicaid regulations.
Read More