One quarter of U.S. consumers have had their personal medical information stolen from a technology system, according to the results of a survey conducted by Accenture. The survey, which was released Feb. 20, 2017, also found that 50 percent of those who had their information stolen as a result of a breach ended up victims of medical identity theft. Their out-of-pocket costs per incident averaged $2,500.
Accenture created a report using the results of a survey of 2,000 U.S. consumers. It found that breaches were most likely to occur in hospitals (36 percent) followed by urgent care clinics (22 percent), pharmacies (22 percent), physician offices (21 percent) and health insurers (21 percent). Half of the consumers affected by a breach found out about it themselves — by seeing an error on a credit card statement or a benefits explanation — rather than from a notification from the organization responsible.
“Unlike credit-card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses,” according to a press release about the report.
“Health systems need to recognize that many patients will suffer personal financial loss from cyberattacks of their medical information,” said Reza Chapman, managing director of cybersecurity in Accenture’s health practice. “Not only do health organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.”
In response to the breach, more than 90 percent of the victims took action, ranging from changing providers (25 percent) or insurance plans (21 percent), to seeking legal counsel (19 percent) or subscribing to identity protection services (24 percent).
Are you covered for identity theft?