
What is the True Cost of a Personal Health Information (PHI) Breach?


For cyber criminals, Personal Health Information (PHI) is a highly valuable trove of data that can be sold for far more than any other personal records. A patient’s PHI contains their social security number, addresses, phone number, insurance information, prescriptions, diagnoses, as well as billing information. This creates an opportunity for cyber criminals to make big money in a PHI breach. For healthcare organizations, on the other hand, it poses the threat of significant losses. Healthcare security is becoming increasingly important.

The Importance of Protecting PHI

PHI is a unique data source because it contains information about a person’s identity that cannot be altered. Once a diagnosis is rendered, it is permanent. Similarly, prescribed medication, allergies, mental health records, and other medical data is unchangeable. For this reason, PHI is subject to strict confidentiality and disclosure requirements that don’t apply to most other industries.


Criminals Will Pay Up to $1000 for a Single Medical Record

When a person’s credit card or account number is stolen and used fraudulently, a quick trip to the bank and a change of digits can solve the problem. However, unalterable medical information can be used for many malicious purposes, from blackmail to stealing an identity. This is why cyber criminals are willing to pay only 25 cents for a credit card number, but they would pay up to $1000 for a single medical record.

Unique Cyber Security Issues in Healthcare


While healthcare organizations must meet stringent requirements to protect patient data, compliance doesn’t necessarily mean that PHI is secure. As technology evolves quickly and the healthcare industry relies more on connected medical devices, servers and PCs, regulations can’t keep up with hackers’ sophisticated game. Other industries do not rely on such an extended ecosystem of connected technology — especially when it comes to the life or death situations that are common in healthcare.

While all modern industries face cyber security challenges, the healthcare sector is a huge target for criminals. The extensive data found in patient records, the vast ecosystem of possible attack surfaces, and the life or death situation created by a breach make healthcare organizations particularly vulnerable. For these reasons, the healthcare industry can expect cyber criminals to attack its systems more frequently and more persistently.

The Cost of a PHI Breach


After a PHI breach, healthcare organizations must take a number of actions to contain the breach and meet compliance regulations, and these expenses add up. Organizations must pay for regulatory fines, notification expenses, identity theft repair, and credit monitoring.


The Average Cost of a Healthcare Data Breach is $408 Per Health Record

The number of records involved in a single data breach at a healthcare organization contributes to the monumental cost and the scale of the aftermath. According to Protenus’ 2020 Breach Barometer, over 40 million patient records were breached in 2019 alone. At $408 per health record, costs add up quickly even for the smallest breaches.

Healthcare Data Breaches Cost 65% More Than Data Breaches in Other Sectors

As soon as a person is born, their PHI is stored within the IT infrastructure of a healthcare organization. Since the simple act of being born often makes a person an active participant in the healthcare system, this means that most people are vulnerable to a healthcare data breach.

In fact, according to the American Academy of Pediatrics, “Children can be especially vulnerable [to healthcare data breaches]. It may take years or even decades for them to be made aware that their personal information has been compromised, especially if their healthcare provider is unaware of a breach.”

The healthcare system is not only uniquely vulnerable to cyber-attacks; its monumental database of valuable information also makes it a massive target for hackers. This results in unparalleled costs in the aftermath of a data breach.

Preventing a Data Breach

Whether you are an app developer for connected medical devices or you are an information security officer at a large healthcare organization, it is your job to protect valuable patient information. Automated, intelligent security solutions are key, and performing vulnerability assessments regularly is critical. Ensuring proper cyber security hygiene from end-to-end is an organization’s best bet for preventing a PHI breach and protecting all aspects of the vast healthcare ecosystem.



Protenus: 2020 Breach Barometer 

AAP News: Children Especially Vulnerable to Cybersecurity Attacks in Healthcare

Forbes: Your Electronic Medical Records Could Be Worth $1000 To Hackers

Ponemon Institute: 2019 Cost of a Data Breach Report
