Cyberattacks will cost U.S. health systems $305 billion

Cyberattacks over the next five years will cost U.S. health systems $305 billion in cumulative lifetime revenue. Accenture estimates that one in 13 patients – roughly 25 million people – will have personal information, such as social security or financial records, stolen from technology systems over the next five years.


“What most health systems don’t realize is that many patients will suffer personal financial loss as a result of cyberattacks on medical information,” said Kaveh Safavi, M.D., J.D., managing director of Accenture’s global healthcare business. “If healthcare providers are complacent to safeguarding personal information, they’ll risk losing substantial revenues and patients as a result of medical identity theft.”

Nearly 1.6 million people had their medical information stolen from healthcare providers last year, according to the U.S. Department of Health and Human Services Office for Civil Rights. Unlike credit card identity theft, where the card provider generally has a legal responsibility for account holders’ losses above $50, victims of medical identity theft often have no automatic right to recover their losses.

Accenture projects that of the patients likely to be affected by healthcare-provider data breaches over the next five years, 25 percent of patients – or 6 million people – will subsequently become victims of medical identity theft. One in six (16 percent) of the affected patients – or 4 million people – will be victimized and pay out-of-pocket costs totaling almost $56 billion over the same time period.

Addressing cybersecurity proactively can improve a provider’s ability to thwart attacks by an average of 53 percent, Accenture research shows. Yet, according to the Accenture report, there is a significant gap in how well prepared they are to deal with such inevitabilities.

“In the end, when a breach occurs, the goal is not to say ‘what is our plan,’ but, ‘how is our plan working?’” Safavi said.