Share this article on:
Given the volume of healthcare records that have been exposed or stolen over the past two years, it comes as little surprise that 26% of Americans believe their health data have been stolen. The figures come from a recent survey conducted by Accenture.
The survey was conducted on 2,000 U.S. adults and more than a quarter said that their medical information has been stolen as a result of a healthcare data breach.
Healthcare information is attractive for cybercriminals as the information in health records does not expire. Credit card numbers can only be used for an extremely limited time before cards are blocked. However, Social Security numbers can be used for a lifetime and health insurance information can similarly be used for extended periods. The information can also be used for a multitude of nefarious activities such as tax fraud, identity and medical identity theft and insurance fraud.
It is also unsurprising that many victims of healthcare data breaches have reported suffering losses as a result of the theft of their data. According to Accenture, half of the individuals who said their data have been stolen said they have experienced medical identity theft as a result. The survey revealed that when medical identity theft occurs, out of pocket expenses of $2,500 are incurred on average.
The report shows half of the individuals who said their data have been stolen did not find out from a breach notification letter. They discovered they were a victim of a healthcare data breach after seeing charges on bank/credit card statements and suspicious entries on their Explanation of Benefits statements. Only a third of respondents said they were notified of the breach by the breached entity.
Even with record numbers of healthcare data breaches occurring, Americans still have faith in providers’ abilities to keep electronic protected health information secure. 88% of respondents said they trusted their providers to secure their ePHI. 85% said they trusted pharmacies, 84% trusted hospitals and 82% trusted health insurance companies. Healthcare technologies fared much worse (57%), as did government organizations (56%).
Businesses that experience data breaches know all too well that there is considerable fallout after a breach announcement is made. Many customers simply take their business elsewhere. That was clearly evident after the Target breach.
However, changing healthcare provider is less straightforward. That said, many breach victims said they did change healthcare provider or insurer after they were notified that their health information had been stolen. A quarter of breach victims said they had already changed healthcare provider following a data breach, while 21% said they had changed health insurance provider.
If a data breach or an attack is experienced, healthcare organizations should carefully assess what went wrong and how their cybersecurity defenses can be improved. Considering the impact healthcare data breaches have on patients and the considerable fallout following a data breach, healthcare organizations should ensure that their cybersecurity defenses are up to scratch to prevent data breaches from occurring in the first place.