Health systems are increasingly under attack by cyber adversaries and could see losses of $305 billion over the next five years according to new research from Accenture. The company estimates that one in 13 patients – roughly 25 million people – will have personal information, such as social security or financial records stolen in those attacks.
Nearly 1.6 million people had their medical information stolen from healthcare providers last year, according to the U.S. Department of Health and Human Services Office for Civil Rights. Unlike credit card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.
As CivSource reported last week, as states change their data breach laws more options may become available to individuals but that’s slow going.
Accenture projects that of the patients likely to be affected by healthcare-provider data breaches over the next five years, 25 percent of patients – or 6 million people – will subsequently become victims of medical identity theft. One in six (16 percent) of the affected patients – or 4 million people – will be victimized and pay out-of-pocket costs totaling almost $56 billion over the same time period.
The report provides recommendations on what healthcare providers can do now to limit the scope of an attack. Those recommendations include creating a cybersecurity system that provides multi-layered security and builds an end-to-end sourcing and delivery pipeline.