The healthcare industry in the United States has experienced its fair share of cyber incidents — from ransomware to distributed denial of service (DDoS) attacks and data breaches — in recent years. Breaches alone cost the healthcare sector $6.2 billion each year, and a single data breach (across all sectors) costs $4 million.
In healthcare, these costs include forensics, breach notification, lawsuits, fines and remediation costs. They also include diminished brand value and lost revenue. The latter is a bit easier to identify. Organizations know what their financial run rates were historically and leading up to the event, so short-term financial losses after the incident can be extrapolated. On the other hand, brand value can be hard to estimate because reputation is not a tangible asset.
Read David Finn's comments here.