Study: One in four U.S. consumers have had their personal medical information stolen

The Accenture study also finds that half of these victims were subject to medical identity theft and on average had to pay $2,500 in out-of-pocket costs per incident.
By Bill Siwicki
08:23 AM
Share
Accenture medical identity theft

Accenture managing director Reza Chapman said healthcare organizations need to build digital trust with patients.  

Twenty-six percent of U.S. consumers have had their personal medical information stolen from healthcare information systems, according to results of a new study from Accenture released today at HIMSS17 in Orlando.

The findings show that 50 percent of those who experienced a breach were victims of medical identity theft and had to pay approximately $2,500 in out-of-pocket costs per incident, on average.

In addition, the survey of 2,000 U.S. consumers found that the breaches were most likely to occur in hospitals (the location cited by 36 percent of respondents who experienced a breach), followed by urgent-care clinics (22 percent), pharmacies (22 percent), physicians’ offices (21 percent) and health insurers (21 percent).

50 percent of consumers who experienced a breach found out about it themselves, through noting an error on their credit card statement or benefits explanation, whereas only 33 percent were alerted to the breach by the organization where it occurred, and only 15 percent were alerted by a government agency, according to the survey.

Among those who experienced a breach, 50 percent were victims of medical identity theft, the survey found. Most often, the stolen identity was used to purchase items (cited by 37 percent of data-breached respondents) or used for fraudulent activities, such as billing for care (37 percent) or filling prescriptions (26 percent).

Nearly one-third of consumers had their social security number (31 percent), contact information (31 percent) or medical data (31 percent) compromised, according to the survey. Unlike credit card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.

“Health systems need to recognize that many patients will suffer personal financial loss from cyberattacks of their medical information,” said Reza Chapman, managing director of cybersecurity in Accenture’s health practice. “Not only do health organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.”

Despite all of the breaches occurring in healthcare, significantly more consumers still trust their healthcare provider (88 percent) and payer (82 percent) to keep their healthcare data secure than trust health technology companies (57 percent) or the government (56 percent) to do so, the survey found. And while more than four in five consumers (82 percent) said they want to have at least some involvement in keeping their healthcare data secured, fewer than two-thirds (64 percent) said that they have such involvement today.

HIMSS17 runs from Feb. 19-23, 2017 at the Orange County Convention Center.


This article is part of our ongoing coverage of HIMSS17. Visit Destination HIMSS17 for previews, reporting live from the show floor and after the conference.


Like Healthcare IT News on Facebook and LinkedIn