LexisNexis Risk Solutions Study Shows Nearly Half of Participating Healthcare Payers Experienced a Data Breach in the Last Five Years, Costing an Average of $5.39M per Incident

Best Practices and Identity Verification Solutions Significantly Mitigate Frequency and Impact of Cyberbreaches


ATLANTA — LexisNexis® Risk Solutions, the leading provider of healthcare data analytics and technology, today released its True Cost of Fraud™ for Healthcare Payers study, which analyzes the impact cyberfraud has on healthcare payers, particularly how much it costs their business and inevitably affects the overall cost of care. The recent growth in digital health strategies, where data is more widely shared and analyzed, presents significant opportunity to improve access, engagement and patient care. At the same time, the proliferation of digital health is also correlated with an increase in cybercrime. This report explores these vulnerabilities and the steps organizations should take to mitigate their risk.

The study analyzed incidents of ransomware, portal hacking, phishing and cyberbreaches experienced by 41 of the top 100 healthcare payers, exploring the type, impact and potential solutions to quantify the overall financial impact of cybercrime. Almost half (49%) of respondents say they have experienced a data breach in the last five years, involving an average of 12,000 compromised records per incident and costing an average of $5.39M per incident.

Of the payers who experienced a breach in the last five years, nearly all (85%) report that cyberattacks and breaches have a negative impact on their brand reputation. Of these respondents, 40% reported a lower enrollment rate for new members and more than half (55%) reported a lower re-enrollment rate for existing members following a breach.

Payer organizations applying a multi-solution, best practice mitigation strategy recognize a significant reduction in incidents and impact. According to the study, payer organizations with digital identity verification, an incident response team and security automation are less likely to have experienced a breach within the past five years. With mitigation initiatives in place, organizations can save up to 39 days on average in detecting a breach and up to 43 days on average in containing a breach. Additionally, the average cost of a breach for these organizations is significantly less – $3.5M compared to $5.39M overall.

Key Findings from the True Cost of Fraud for Healthcare Payers Study:

  • Attacks and Costs: The average number of data breaches experienced in the past five years is 3,379, with 30% of payers reporting incidents of ransomware attacks alone happening more than five times per month. The study estimates an average $5.39M burden on each payer for a breach. The study found that every $1 spent on immediate remediation and escalation of a breach actually costs payers $3.23 based on additional costs resulting from the breach, including restitution, lost productivity, member churn, fines, fees and investments in mitigation.
  • Digital Transactions Increase Fraud: The 21st Century Cures Act opens payer data to consumers and mobile apps, which inevitably adds more risk for potential fraud. Sixty-eight percent of payers report challenges verifying identity on mobile applications. Nearly all (95%) of respondents consider online identity and credential verification to be a challenge.
  • Top Fraud Challenges: Social engineering (direct scams) is the most common form of cyberfraud afflicting payers with 35 percent reporting more than five attacks a month. Ransomware is the second greatest threat with 30 percent reporting more than five attacks per month. Compromised integration partner systems, member and employee phishing and portal hacking round out the most common types of attacks.
  • Reputation Risk and Loss of Members: For payers, acquiring a new member is more costly than retaining one. For payers in the survey, the average cost of acquiring a new member is $615, while the cost of retaining a member is $192. The majority (55%) of payers report a loss in members after a data breach, forcing them to increase spending on new enrollment efforts.

“Cyberattacks and breaches continue to be a growing challenge across healthcare, and this is one of the first studies to explore and quantify the true financial implications of these events on payers, including the potential impact on their brand reputation and member enrollment,” said Jonathan Shannon, associate vice-president of market planning and strategy for the Health Care business of LexisNexis Risk Solutions. “The study also emphasizes the effectiveness of identity access management solutions in limiting the frequency and overall impact of these events, which is consistent with our belief that there is significant opportunity to further mitigate this problem with the right set of data and solutions.”

To learn more about the report results, join the panel discussion “The True Cost of Data Breaches for Payers,” November 15 at 2pm EST.

About LexisNexis Risk Solutions
LexisNexis® Risk Solutions harnesses the power of data, sophisticated analytics platforms and technology solutions to provide insights that help businesses across multiple industries and governmental entities reduce risk and improve decisions to benefit people around the globe. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers. For more information, please visit LexisNexis Risk Solutions and RELX.

Media Contacts

Syed Shabbir
Sr. Manager, Corporate Communications