One in Four Americans Have Been Victims of Healthcare Data Breach
One in four Americans (26%) have had their medical information stolen, and these breaches can be quite costly, according to recent research from Accenture. Half the victims had to pay an average of $2,500 in out-of-pocket costs per incident.
The Accenture 2017 Healthcare Cybersecurity and Digital Trust Research, which surveyed 2,000 U.S. consumers, found that hospitals accounted for 36% of these breaches. Urgent care clinics (22%), pharmacies (22%), physician’s offices (21%) and health insurers (21%) rounded out the list.
Among those who experienced a breach, 50% were victims of medical identity theft. Information taken in the breaches included social security numbers (31%), contact information (31%) or medical data (31%). This stolen information was most often used to purchase items (37%) or used for fraudulent activities, such as billing for care (37%) or filling prescriptions (26%). Unlike credit card identity theft, where a card issuer has a legal responsibility to cover losses above $50, medical identity theft victims do not have an automatic right to recover losses.
How did victims discover their medical information was at risk? Half found out about it on their own when they noted an error on their benefits explanation or credit card statement. Of those who uncovered the breach, only 12% alerted the organization of the breach. A third (33%) of data breach victims were alerted by the medical provider, and 15% were alerted by a government agency.
In response to these breaches, 91% of the victims took some sort of action. Some took action against the providers by changing healthcare providers (25%), switching insurance plans (21%) or seeking legal counsel (19%). Others took more personal steps by changing login credentials (29%), subscribing to an identity-protection service (24%) or adding security software to their computer (20%).