Healthcare data breaches in England

insights from industryAimie ChappleUKI Chief Innovation Officer,AccentureAn interview with Aimie Chapple, conducted by April Cashin-Garbutt, MA (Cantab)

Can you please outline the results of Accenture’s recent survey on healthcare data breaches among England consumers? What were the main findings?

According to Accenture’s survey of 1,000 consumers in England, one-in-eight (13 per cent) have had their personal medical information stolen from technology systems.

More than half (68 per cent) of English consumers said they want to have at least some involvement in keeping their healthcare data secured, whereas only a quarter (28 per cent) said that they have such involvement today.

Where were the breaches found to be most likely to occur?

Breaches were most likely to occur in pharmacies — the location cited by more than one-third (35 per cent) of consumers who experienced a breach — followed by hospitals (29 per cent), urgent care clinics (21 per cent), physician’s offices (19 per cent) and retail clinics (14 per cent).

Were you surprised by these results?

Given its widespread use of sensitive personal data, the healthcare industry is a consistent target for cyberattacks. Consumers must remain more vigilant than ever in keeping track of their personal information and monitoring records, such as credit card statements, for charges they don’t recognize.

Similarly, healthcare organizations must monitor patient information more carefully and remain transparent when a breach occurs to swiftly resolve the issue without losing consumer to competitors

What were the stolen identities used for?

Among those who were victims, the stolen identity was most often used for fraudulent activities (cited by 82 per cent of data-breached respondents) including fraudulently filling prescriptions (42 per cent) or fraudulently receiving medical care (35 per cent).

And, a quarter of consumers in England (25 per cent) had their health insurance ID number or biometric identifiers (18 per cent) compromised.

Unlike credit-card identity theft, where the card provider generally has a legal responsibility for significant account holder losses, victims of medical identity theft often have no automatic right to recover their losses.

How were patients alerted to the breaches?

More than one-third (36 per cent) of English consumers who experienced a breach found out about it themselves or learned about it passively through noting an error on their health records or credit card statement.

Only one-fifth (20 per cent) were alerted to the breach by the organization where it occurred, and even fewer consumers (14 per cent) were alerted by a government agency.

In response to the breach of their healthcare data, English consumers were the largest majority (94 per cent) from our seven-country sample to take action to protect their data. They took personal responsibility for changing passwords or other credentials (22 per cent); subscribing to an identity protection service (22 per cent) or adding security software to their own computers (19 per cent).

What can healthcare providers do to remedy the situation when a breach occurs?

When a breach occurs, healthcare payers and providers should be able to swiftly notify those affected, with a plan of action on how to remedy the situation and prevent it from happening again.

In response to the breach, nearly all (95 per cent) data breach victims reported that the company holding their data took some type of action. Some organizations explained how they fixed the problem causing the breach (cited by 29 per cent), explained how they would prevent future breaches (23 per cent) or explained the consequences of the breach (22 per cent).

Of those that experienced a breach, over half (53 per cent) of respondents felt the breach was handled somewhat well while only 15 per cent of respondents felt the breach was handled very well, indicating there is potential room to improve.

What more can health organizations do to monitor patient information and prevent data breaches?

Healthcare providers must lay a foundation for building cyber resilience, response capabilities and a proactive defense, including:

  • Improve response capabilities: Along with improving detection, handle breaches quickly, efficiently and in a way that limits damage
  • Validate downtime procedures: Strive to reduce recovery time to minimize impact on patient care and business operations
  • Share threat information: Act on learnings, share insights with others and communicate to consumers about the actions you have taken.
  • Re-boot your approach: Embrace an end-to-end cyber defense that recognizes a spectrum of threats, minimizes exposure, and identifies and protects high-priority assets.
  • Manage risks: Make targeted cybersecurity investments that will deliver measurable returns and help you build digital trust with healthcare consumers who are increasingly security-aware.  

How do data breaches affect trust between consumers and healthcare providers?

Despite the myriad breaches occurring, consumers still trust their healthcare providers (84 per cent), labs (80 per cent) and hospitals (79 per cent) to keep their healthcare data secure more than they trust the government (59 per cent) or health technology companies (42 per cent) to do so.

About two-thirds of consumers in England (65 per cent) either maintained or gained trust in the organization from which their data was stolen, following a breach.

What do you think the future holds for healthcare data breaches?

Breaches will continue to occur. It’s important that healthcare providers educate their staff on the latest vulnerabilities, effective data practices and how they should handle and communicate known breaches. Similarly, consumers need to educate themselves on safeguarding their data and what rights they have in the event of being breached.

Where can readers find more information?

Readers can review the full findings for England on:

About Aimie Chapple

Aimie has been at the forefront of innovative thinking and identification of market trends for the past 20 years. Aimie’s career spans all 5 Accenture Industry Groups with a focus on Change Management and Organisational Effectiveness across the globe. Aimie’s genuine curiosity coupled with her commitment to the exploration of fresh ideas and radical approaches to innovation has been instrumental to the growth and transformation of the world’s leading brands.

A well established and respected Thought Leader, Aimie is often described as an inspirational speaker and a positive force for motivational change. A wealth of international audiences have enjoyed Aimie’s original presentations ranging from business opportunities derived from ‘Big Data’ and multiple debates on ‘The Future of Work’ through to the impact of ‘The Aging Population’ across geographies.

Follow Aimie Chapple on Twitter

Connect with Aimie Chapple on LinkedIn

Posted in: Insights from Industry | Device / Technology News | Healthcare News

Tags: , ,

Advertisement

Comments

The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of News-Medical.Net.
Post a new comment
Post
You might also like... ×
Carbon monoxide poisoning not routinely detected in healthcare system, report reveals