- There is no question that healthcare cyberattacks can be particularly devastating to the industry, especially as several recent large-scale data breaches have shown how far reaching such attacks can be. However, a recent survey from Accenture shows that the monetary cost from healthcare cyberattacks will increase significantly over the next several years.
Specifically, healthcare cyberattacks over the next five years will cost $305 billion in cumulative lifetime revenue, according to Accenture analysis. The study also found that more than 25 million people — approximately one in 13 patients — will have their medical and/or personal information stolen from their healthcare provider’s digitized records between 2015 and 2019.
For the analysis, Accenture reviewed healthcare data breach information from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) to project the number of patients likely to be affected by such incidents from 2015 through 2019. The company also used information on medical identity theft from the Ponemon Institute to calculate potential identity theft victims and to quantity the patient revenue at risk.
With that same methodology, Accenture also said it “estimates that each provider organization lost an average of $113 million of lifetime patient revenue for every data breach it suffered in 2014.”
“To prevent revenue loss on this scale, healthcare providers must prioritize improvements of their cyber security in order to thwart attacks that aim to steal patient data from clinical and financial systems,” Accenture explains in the report. “Active defense requires a risk-based approach to cyber security management, using analytics to detect events and threats, as well as enabling a far swifter response to incidents.”
The analysis also showed that 16 percent of impacted patients, which is also more than 4 million people, will be victimized by healthcare data security incidents over the next five years. Furthermore, they are projected to pay nearly $56 billion in out of pocket costs in that same timeframe.
The previously mentioned active defense strategies could potentially help organizations better improve healthcare cybersecurity by an average of 53 percent over two years, according to Accenture. Specifically, healthcare organizations could benefit from the following steps:
- Assess security capability, identify opportunities
- Manage complexity and integrate the enterprise
- Become agile
- Accelerate toward security intelligence
- Develop end-to-end delivery and sourcing
The Accenture analysis aligns similarly with results from Ponemon’s annual Cost of Data Breach Study: Global Analysis, sponsored by IBM. In that report, Ponemon stated that healthcare’s per capita cost for a data breach was $398, which was well above the overall mean of $217. Additionally, the average cost for each lost or stolen record containing sensitive and confidential information increased from $201 to $217. The total average cost paid by organizations increased from $5.9 million to $6.5 million.
The implication of this analysis is that industries with the highest churn rates could significantly reduce the costs of a data breach by putting an emphasis on customer retention and activities to preserve reputation and brand value,” the report stated.