One in Four US Consumers Have Had Their Healthcare Data Breached, Accenture Survey Reveals
Half of data-breach victims incurred resulting out-of-pocket costs of $2,500, on average
ORLANDO, Fla.–(BUSINESS WIRE)–One in four U.S. consumers (26 percent) have had their personal medical information stolen from technology systems, according to results of a survey from Accenture (NYSE: ACN) released today at HIMSS2017 in Orlando.
The findings show that half (50 percent) of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.
In addition, the survey of 2,000 U.S. consumers found that the breaches were most likely to occur in hospitals — the location cited by more than one-third (36 percent) of respondents who experienced a breach — followed by urgent-care clinics (22 percent), pharmacies (22 percent), physician’s offices (21 percent) and health insurers (21 percent). Half (50 percent) of consumers who experienced a breach found out about it themselves, through noting an error on their credit card statement or benefits explanation, whereas only one-third (33 percent) were alerted to the breach by the organization where it occurred, and only about one in seven (15 percent) were alerted by a government agency.
Among those who experienced a breach, half (50 percent) were victims of medical identity theft. Most often, the stolen identity was used to purchase items (cited by 37 percent of data-breached respondents) or used for fraudulent activities, such as billing for care (37 percent) or filling prescriptions (26 percent). Nearly one-third of consumers had their social security number (31 percent), contact information (31 percent) or medical data (31 percent) compromised. Unlike credit-card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.
“Health systems need to recognize that many patients will suffer personal financial loss from cyberattacks of their medical information,” said Reza Chapman, managing director of cybersecurity in Accenture’s health practice. “Not only do health organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.”
Despite the myriad of breaches occurring, significantly more consumers still trust their healthcare provider (88 percent) and payer (82 percent) to keep their healthcare data secure than trust health technology companies (57 percent) or the government (56 percent) to do so. And while more than four in five consumers (82 percent) said they want to have at least some involvement in keeping their healthcare data secured, fewer than two-thirds (64 percent) said that they have such involvement today.
In response to the breach, nearly all (91 percent) of the consumers who were data-breach victims took some type of action. Some changed healthcare providers (cited by 25 percent), insurance plans (21 percent) or sought legal counsel (19 percent). Others took personal steps, such as changing login credentials (29 percent), subscribing to identity-protection services (24 percent) or adding security software to their computer (20 percent). Only 12 percent of data-breach victims reported the breach to the organization holding their data.
“Now is the time to strengthen cybersecurity capabilities, improve defences, build resilience and better manage breaches so that consumers have confidence that their data is in trusted hands,” Chapman said. “When a breach occurs, healthcare organizations should be able to ask ‘How is our plan working’ instead of ‘What’s our plan?”
The findings in this news release relate only to the U.S. portion of Accenture’s seven-country survey. The full research, “Accenture’s 2017 Healthcare Cybersecurity and Digital Trust Research,” represents a seven-country survey of 7,580 consumers ages 18+ to assess their attitudes toward healthcare data, digital trust, roles and responsibilities, data sharing and breaches. The online survey included consumers across seven countries: Australia (1,000), Brazil (1,000), England (1,000), Norway (800), Saudi Arabia (850), Singapore (930) and the United States (2,000). The survey was conducted by Nielsen on behalf of Accenture between November 2016 and January 2017. The analysis provided comparisons by country, sector, age and use.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 394,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organization’s valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Jenn Francis, + 1 630-338-6426