It’s probably common knowledge by now (at least among those who follow health IT and cybersecurity news) that the number of data breaches in recent years has increased significantly, making headlines and raising concerns. Now, an Accenture study has shed new light on the far-reaching impact breaches have had on individuals. As ID Experts first reported, Accenture’s researchers found that 26 percent of Americans, or more than one in four, had had their health care data breached—meaning that health systems need to step up their efforts when it comes to privacy. “Not only do health organizations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach,” Accenture’s Reza Chapman noted in a press release accompanying the findings of the study, which included data from more than 2,000 Americans surveyed.
Among the findings: half of those whose data was breached were ultimately the victims of medical identity theft, and were forced to pay an average of $2,500 out of pocket to remedy the situation. (“Unlike credit-card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses,” Accenture explains.) Also notable: Half of those surveyed discovered the breaches themselves, with only a third of respondents reporting that the organization where the breach occurred notified them of it. Accenture’s researchers also examined the institutions where breaches were most likely to occur, finding that hospitals were the most vulnerable to breaches, along with urgent care clinics and pharmacies. (Along similar lines, another recent study identified academic medical centers as the institutions most susceptible to breaches.)
What can hospitals and health systems do to protect their patients’ privacy? As Accenture’s Chapman commented, institutions must have comprehensive plans in place. “Now is the time to strengthen cybersecurity capabilities, improve defenses, build resilience and better manage breaches so that consumers have confidence that their data is in trusted hands,” he said. Notably, despite the rise in breaches, survey respondents still trusted their health care providers to protect their personal information; while 88 percent expressed trust in providers, only 56 percent had such trust in the government. What’s more, many breach victims (more than 91 percent of those surveyed) have taken steps to protect themselves, independent of the organization where the breach occurred; Accenture noted that some took measures ranging from retaining legal counsel to enrolling in identity-protection services. Nearly two thirds of respondents reported that they themselves were in some way involved in protecting their health care data. But Chapman urges health care organizations to step up their own efforts. As he put it: “When a breach occurs, health care organizations should be able to ask ‘How is our plan working’ instead of ‘What’s our plan?’”