The personal side of cyber attacks on patients’ medical information shouldn’t be lost on healthcare organizations, as a sizable percentage of the U.S. population has been victimized by hacks and face personal expense in resolving the incident.

More than one in four U.S. consumers (26 percent) have had personal medical information stolen from technology systems, according to results of a survey from Accenture, a consultancy, released Monday at the HIMSS17 conference and exposition in Orlando.

The findings of Accenture’s survey show that 50 percent of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.

Unlike credit-card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses, Accenture executives noted.

Also See: Most organizations unprepared for data theft by employees

In addition, the survey of 2,000 consumers found that more than a third (36 percent) of the breaches occurred in hospitals, followed by urgent care clinics (22 percent), pharmacies (22 percent), physician’s offices (21 percent) and health insurers (21 percent).

Half of respondents who experienced a breach found out about it themselves, through noting an error on their credit card statement or benefits explanation, while 33 percent were alerted to the breach by the organization where it occurred, and 15 percent found out about it through a government agency.

Among those who experienced a breach, 50 percent were victims of medical identity theft. Most often, the stolen identity was used to purchase items (cited by 37 percent of respondents suffering a breach) or used for fraudulent activities, such as billing for care (37 percent) or filling prescriptions (26 percent).

Some 31 percent of respondents reported that their Social Security number (31 percent), contact information or medical data compromised.

Reza Chapman

“Health systems need to recognize that many patients will suffer personal financial loss from cyberattacks of their medical information,” said Reza Chapman, managing director of cybersecurity in Accenture’s health practice. “Not only do healthcare organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.”

Despite the number of breaches occurring, significantly more consumers still trust their healthcare provider (88 percent) and payer (82 percent) to keep their healthcare data secure than trust health technology companies (57 percent) or the government (56 percent) to do so. And while more than four in five consumers (82 percent) said they want to have at least some involvement in keeping their healthcare data secured, fewer than two-thirds (64 percent) said that they have such involvement today.

“Now is the time to strengthen cybersecurity capabilities, improve defenses, build resilience and better manage breaches so that consumers have confidence that their data is in trusted hands,” Chapman said.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access