2 min read

Compromised employee accounts are an expensive problem according to IBM report

Picture of Kapua Iao Kapua Iao September 3, 2020

Healthcare cybersecurity news
Computer screen displaying the word security with cursor
Cybersecurity concept with pixelated security text and cursor Compromised employee accounts remain the most expensive problem for organizations hit by data breaches according to IBM Security’s Cost of a Data Breach Report 2020. IBM examines hundreds of cost factors related to legal, regulatory, and technical needs as well as loss to brand equity, customers, and employee productivity. Its findings demonstrate the importance of up-to-date user policies, employee awareness training, and email security.

 

Report summary

IBM’s study of over 500 organizations (and more than 3,200 security professionals from these organizations) took place between August 2019 and April 2020. Overall, cybersecurity incidents cost participating organizations an average of $386 million per breach. Eighty percent resulted in the exposure of personally identifiable information. And the more sensitive the data, the higher the costs. According to the report, healthcare organizations incurred the highest average cost of any industry at $7.13 million. Other key findings:
  • The use of smart technology can cut breach costs in half.
  • Compromised employee credentials are the most expensive breach method, followed by exploited third-party vulnerabilities.
  • The cost of mega breaches (records over 50 million compromised) soared by the millions.
  • Compared to other threat vectors, nation-state attacks were the most excessive.

 

Employee compromised accounts

Within the IBM report, compromised credentials (and cloud misconfigurations) are not only the most expensive but also the most common type of data breach. Together, they represent 40% of malicious incidents. The IBM X-Force Threat Intelligence Index 2020 stresses that more than 8.5 billion credentials were compromised in 2019, a 200% increase from the year before. Methods to compromise employee accounts include: And the current health crisis has exacerbated the situation with an increased reliance on employees working from home and cloud technology. SEE ALSO: IBM Security Study Finds Employees New to Working from Home Pose Security Risk Unsurprisingly, breaches through compromised employee login credentials have soared during the pandemic.

 

The healthcare industry

HIPAA (the Health Insurance Portability and Accountability Act of 1996) is U.S. legislation created to improve healthcare standards. Covered entities (CEs) must be HIPAA compliant to protect the rights and privacy of patients and their protected health information (PHI). SEE ALSO: Is a Name PHI? This means shielding patients’ PHI from exposure. Unfortunately, the healthcare industry has seen numerous incidents this year, including: In July 2020 alone, compromised email accounts led to over 500,000 individual’s PHI being exposed—by far the most of any threat vector. RELATED: HIPAA Data Breaches Also Surge During the Age of Coronavirus And as the IBM report highlights, costs are high for data breaches. Patient care may be interrupted and fines for HIPAA violations may be levied.

 

Spend upfront on strong cybersecurity

Preventing security breaches must be a continuous effort. Organizations must utilize a layered and comprehensive cybersecurity program along with up-to-date policies/procedures and constant employee awareness training. And for CEs, that also means making their email HIPAA compliant. Strong email security works in tandem with employee training to block many threat vectors that focus on employee compromise. Paubox Email Suite Premium provides needed protection with robust inbound and outbound security tools that require no extra steps for employees to send HIPAA compliant email which arrives directly into the recipient's inbox—no password or portal required. It seamlessly integrates with a customer’s existing email provider to send encrypted email by default, safeguarding both inbound and outbound email with data loss prevention tools. Paubox Email Suite Premium is a perfect option for CEs; by protecting themselves they also protect their patients’ PHI. Spending both time and money to build robust cybersecurity is worth it, in the short and long term.
 
Try Paubox Email Suite Premium for FREE today.
Start for free
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Image of a clipboard with a stethascope on top of it.

How MSSPs can help your healthcare IT

Lusanda Molefe : August 22, 2025

Healthcare organizations suffered over 3,900 data breaches between 2005 and 2019, exposing 249 million patient records, according to a study...

Healthcare cybersecurity news
Read More
stethoscope on digital background

When a healthcare organization is financially liable to a breach victim

Picture of Kapua Iao Kapua Iao : August 11, 2025

Data breaches in the healthcare industry threaten the confidentiality and security of sensitive patient information. When patients become casualties...

Patient privacy Healthcare cybersecurity news
Read More
Image of a stethascope on top of a clipboard.

How to vet an MSSP for healthcare compliance

Lusanda Molefe : October 23, 2025

Between 2005 and 2019 alone, healthcare suffered over 3,930 data breaches exposing 249 million patient records, according to a peer-reviewed study...

HIPAA compliance Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.