Topics
More on Risk Management

Cyberattacks could cost healthcare providers $305 billion in next 5 years, report says

One out of every 13 patients will have sensitive financial data stolen from their healthcare provider's IT systems, Accenture report says.

Mike Miliard, Editor, Healthcare IT News

Over the next five years, U.S. health systems stand to lose a total of $305 billion from coordinated cyberattacks, according to a new report by Accenture. Even worse, their patients are at big financial risk themselves.

The report – The $300 Billion Attack: The Revenue Risk and Human Impact of Healthcare Provider Cyber Security Inaction – predicts that 25 million people, one out of every 13 patients, will have sensitive financial data stolen from their healthcare provider's IT systems over the next half-decade.

"What most health systems don't realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information," said Kaveh Safavi, MD, managing director of Accenture's global healthcare business, in a statement. "If healthcare providers are complacent to safeguarding personal information, they'll risk losing substantial revenues and patients as a result of medical identity theft."

[Also: Healthcare finance tips for safeguarding against cyberattacks]

Out of the patients likely to be affected by healthcare-provider data breaches over the next five years, 25 percent of patients (six million people) will subsequently become victims of medical identity theft. Some 16 percent of the affected patients (four million people) will be victimized and pay out-of-pocket costs approaching $56 billion over the same time period.

Unlike credit card identity theft, where card issuers are generally on the hook for customer losses of $50 or more, medical identity theft often leaves its victims with no automatic recourse to recoup their losses, Safavi points out.

Nonetheless, despite the risks, Accenture research points to a "significant gap" in providers' preparedness for ever-craftier cyber crooks.

"In the end, when a breach occurs, the goal is not to say 'what is our plan?' but, 'how is our plan working?'" he said.

Twitter: @mikemiliardHITN