Healthcare cybersecurity claims represent 28% of total breach costs

Healthcare cybersecurity insurance claims in 2017 made up 17 percent of total claims but were responsible for 28 percent of total breach costs, $65 million of $229 million, according to the 2017 Cyber Claims Study by NetDiligence.

Healthcare cybersecurity insurance claims in 2017 made up 17 percent of total claims—but accounted for 28 percent of costs related to breaches, roughly $65 million of a total $229 million, according to the 2017 Cyber Claims Study by NetDiligence.

The study analyzed 103 cyber liability insurance claims pertaining to healthcare. It aimed to provide risk management professionals with insight into how data insecurity is affecting the industry.

Key findings included:

  • The average number of records exposed in a healthcare breach was 1.6 million.
  • Healthcare claims comprised 17 percent of claims in the 2017 dataset and 28 percent of total costs.
  • Breaches that exposed protected health information (PHI) averaged 386,000 in 2017, while breaches of personally identifiable information (PII) averaged 5.2 million.
  • The total average breach cost for PHI was $475,000 in 2017, while average cost for PII was $1.85 million.
  • The median per-record cost in healthcare was $28, lower than the $47 in other sectors. However, the number of large settlements made from very few records increased the average per-record cost for healthcare.
  • Average total costs for crisis services were three times higher for healthcare than for other sectors.
  • Average legal settlement costs were 40 percent of the combined average of all other sectors, $116,00 versus $260,000.
  • Criminal acts exposed 80 million PII and 17 million PHI records, leading to healthcare having the highest total notification ($37.1 million) and credit/ID monitoring ($6.6 million) costs.
  • Stolen unsecured laptops with unencrypted hard drives averaged $37,000 in costs.