LONDON; April 25, 2017 – One in eight consumers in England (13 per cent) have had their personal medical information stolen from technology systems, according to results of a new survey from Accenture.
In addition, the survey found that the breaches in England were most likely to occur in pharmacies — the location cited by more than one-third (35 per cent) of consumers who experienced a breach — followed by hospitals (29 per cent), urgent care clinics (21 per cent), physician’s offices (19 per cent) and retail clinics (14 per cent). More than one-third (36 per cent) of English consumers who experienced a breach found out about it themselves or learned about it passively through noting an error on their health records or credit card statement. Only one-fifth (20 per cent) were alerted to the breach by the organisation where it occurred, and even fewer consumers (14 per cent) were alerted by a government agency.
Among those who experienced a breach, the majority (70 per cent) were victims of medical information theft with more than a third (39 per cent) having personal information stolen. Most often, the stolen identity was used for fraudulent activities (cited by 82 per cent of data-breached respondents) including fraudulently filling prescriptions (42 per cent) or fraudulently receiving medical care (35 per cent). And, a quarter of consumers in England (25 per cent) had their health insurance ID number or biometric identifiers (18 per cent) compromised. Unlike credit-card identity theft, where the card provider generally has a legal responsibility for significant account holder losses, victims of medical identity theft often have no automatic right to recover their losses.
“Patients must remain more vigilant than ever in keeping track of personal information including credit card statements and health records which could alert them to breaches,” said Aimie Chapple, managing director of Accenture’s UK health practice and client innovation in the UK & Ireland. “Similarly, health organisations must monitor patient information more carefully and remain transparent with those affected in the event of a breach to swiftly resolve the issue without losing consumers to competitors.”
Despite the myriad breaches occurring, consumers still trust their healthcare providers (84 per cent), labs (80 per cent) and hospitals (79 per cent) to keep their healthcare data secure more than they trust the government (59 per cent) or health technology companies (42 per cent) to do so. About two-thirds of consumers in England (65 per cent) either maintained or gained trust in the organisation from which their data was stolen, following a breach. And, more than half (68 per cent) of English consumers said they want to have at least some involvement in keeping their healthcare data secured, whereas only a quarter (28 per cent) said that they have such involvement today.
In response to the breach, nearly all (95 per cent) of the consumers who were data-breach victims reported that the company holding their data took some type of action. Some organisations explained how they fixed the problem causing the breach (cited by 29 per cent), explained how they would prevent future breaches (23 per cent) or explained the consequences of the breach (22 per cent). Of those that experienced a breach, over half (53 per cent) of respondents felt the breach was handled somewhat well while only 15 per cent of respondents felt the breach was handled very well, indicating there is potential room to improve.
“The time to assure consumers that their personal data is in secure, capable hands is now,” Chapple said. “When a breach occurs, healthcare payers and providers should be able to swiftly notify those affected, with a plan of action on how to remedy the situation and prevent it from happening again.”
The findings in this news release relate only to the England portion of Accenture’s survey. The full research, “Accenture’s 2017 Healthcare Cybersecurity and Digital Trust Research,” represents a seven-country survey of 7,580 consumers ages 18+ to assess their attitudes toward healthcare data, digital trust, roles and responsibilities, data sharing and breaches. The online survey included consumers across seven countries: Australia (1,000), Brazil (1,000), England (1,000), Norway (800), Saudi Arabia (850), Singapore (930) and the United States (2,000). The survey was conducted by Nielsen on behalf of Accenture between November 2016 and January 2017. The analysis provided comparisons by country, sector, age and use.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialised skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With approximately 401,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
Accenture Security helps organisations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organisation’s valuable assets, end-to-end. With services that include strategy and risk management, cyber defence, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.