HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Cost of Health System Cyberattacks to Rise to $305 Billion

The cost of health system cyberattacks is set to increase substantially, according to a recent study conducted by global management consulting firm, Accenture.

The new study predicts the cost of health system cyberattacks will rise to $305 billion over the next 5 years, and will affect approximately 25 million patients. The company also estimates that 1 in every 13 U.S healthcare system patients are likely to have their identities stolen and used to commit fraud over the same time period.

The research team calculated that 1.6 million patients have already had their medical data stolen from healthcare providers in 2014. With the number of breach victims already created in 2015, next year’s figures are likely to be considerably higher.

Cost of Health System Cyberattacks Will Continue to Increase


For the study, Accenture used data compiled by the Ponemon Institute along with breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights. That data was used to determine the number of individuals who were likely to suffer identity theft, then Accenture quantified the patient revenue that would be put at risk. The figures were then projected for the next 5 years.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

25% of Breach Victims Will Incur Out of Pocket Expenses


Unfortunately for healthcare patients, criminals are trying to gain access to medical data in order to steal identities and commit medical fraud. When fraud is committed, the victims are often left with few options for recourse. Credit card companies have a legal responsibility to protect card holders, and cases of fraud often see any financial losses suffered reimbursed. With medical identity theft, patients often have to cover the cost out of their own pockets.

Accenture paints a bleak picture for patients. Huge volumes of data are now being stolen, and the company’s team of researchers believe the number of cases of identity theft stemming from medical data breaches will impact 25% of data breach victims.

Over the next five years the team estimates that out of the 25 million patients affected by health system data breaches, 6 million will suffer medical identity theft, and 16% of all data breach victims will have to cover out of pocket costs as a result of the theft of their identities. The cost to patients is expected to be $56 billion over the next 5 years.

According to Kaveh Safavi, M.D., J.D., Managing Director of Accenture’s global healthcare business “If healthcare providers are complacent to safeguarding personal information, they’ll risk losing substantial revenues and patients as a result of medical identity theft.” He also said, “What most health systems don’t realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information.”

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.