Accenture estimates that one in 13 patients – roughly 25 million people – will have personal information, such as social security or financial records, stolen from technology systems over the next five years.
“What most health systems don’t realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information,” said Kaveh Safavi, M.D., J.D., managing director of Accenture's global healthcare business. “If healthcare providers are complacent to safeguarding personal information, they’ll risk losing substantial revenues and patients as a result of medical identity theft.”
Nearly 1.6 million people had their medical information stolen from healthcare providers last year, according to the U.S. Department of Health and Human Services Office for Civil Rights. Unlike credit card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.
Accenture projects that of the patients likely to be affected by healthcare-provider data breaches over the next five years, 25 percent of patients – or 6 million people – will subsequently become victims of medical identity theft. One in six (16 percent) of the affected patients – or 4 million people – will be victimized and pay out-of-pocket costs totaling almost $56 billion over the same time period.
Addressing cybersecurity proactively can improve a provider’s ability to thwart attacks by an average of 53 percent, Accenture research shows. Yet, according to the Accenture report, there is a significant gap in how well prepared they are to deal with such inevitabilities.
“In the end, when a breach occurs, the goal is not to say ‘what is our plan,’ but, ‘how is our plan working?’” Safavi said.
Accenture used historical security breach data from the U.S. Department of Health and Human Services Office for Civil Rights to project the number of patients likely to be affected by healthcare provider data breaches from 2015 through 2019. Based on medical identity theft information by the Ponemon Institute, Accenture calculated the number of affected patients who would become victims of medical identity theft and quantified the patient revenue that would be put at risk.
Accenture is a global management consulting, technology services and outsourcing company, with more than 358,000 people serving clients in more than 120 countries. Combining unparalleled experience, comprehensive capabilities across all industries and business functions, and extensive research on the world’s most successful companies, Accenture collaborates with clients to help them become high-performance businesses and governments. The company generated net revenues of US$31.0 billion for the fiscal year ended Aug. 31, 2015. Its home page is www.accenture.com.