Data breaches reflect an alarming trend that presents two critical challenges for healthcare companies to solve. From a technical perspective, the industry must equip itself with tools and strategies that more reliably protect patient data from these cyberattacks. In tandem, companies must develop a more nuanced understanding of how consumers respond to data breaches in order to build a strategy to address consumers’ concerns and retain customers.
A recent TransUnion survey measuring the attitudes of more than 1,200 U.S. consumers who received medical care at a doctor’s office, clinic or hospital in the past two years offers a view into how consumers expect companies to respond after a breach. The survey also provides insights on how companies can expect their customers to react after a data breach.
Perhaps most concerning for victims of cyberattacks, the survey found nearly seven in 10 consumers would avoid a healthcare provider that has experienced a data breach. The impact of cyberattacks on consumer attitudes appears even more worrisome when separated by age group.
TransUnion’s survey found that 73% of patients ages 18 to 34 are likely to switch providers following a data breach.
Millennials’ notoriously weak brand loyalty and their apparent impatience regarding privacy intrusions are major considerations given the value of young people in the healthcare industry.
According to U.S. Census data, more than 80 million millennials recently entered the healthcare marketplace, and their influence in picking industry winners and losers goes far beyond volume. Insurers need enough younger and healthier adults to offset the significant costs of treating older adults. A Kaiser Family Foundation report found the cost of treating 18- to 24-year-olds averaged $1,834 per person annually, compared to $2,739 for people ages 25 to 44 and $5,511 for those ages 45 to 64. For some healthcare companies, losing any meaningful number of young consumers could disrupt the delicate equilibrium that keeps them competitive and solvent.
The survey findings are also instructive for developing a cyberattack response plan. From the moment a breach is discovered, consumers say they expect company officials to provide several different forms of support. To start, individuals in every age group have high expectations for how quickly companies inform the public of a data breach. Roughly half expect a response or notification within one day, and more than three in four surveyed anticipate a response or notification within one to three days.
In the wake of a cyberattack, roughly six in 10 individuals believe the company should set up a dedicated phone hotline for questions, and a majority expects a dedicated website to provide consumers with details and answer their questions. For more lasting support, 72% expect companies to offer at least one year of free credit monitoring after data is stolen.
These steps are the minimum for responding to a data breach in a way that maintains relationships and salvages goodwill with customers. Companies should be prepared to fold the basic customer service elements into a more comprehensive plan that takes patients through the whole process, from identifying whether their information has been compromised to preventing any corresponding fraud.
TransUnion’s Data Breach Services, which we have built by working directly with clients and consumers over several years, provides one model for how response programs can work. Our three-step system includes a personal review of each patient’s credit file to identify fraud, and the development of a personalized report and supporting educational materials for patients. Using TransUnion ID verification, hospitals and health systems can validate patient information at the point-of-service by comparing patient-reported data to TransUnion’s extensive databases of consumer contact and financial information. This powerful solution identifies discrepancies in demographics, enables hospitals to correct patient information and detects potential fraud or medical identity theft. TransUnion provides templates and established processes each step of the way, which is particularly useful in the chaos that follows a major breach.
With a growing number of privacy-sensitive consumers entering the healthcare market, and increasingly sophisticated hackers seeking to steal information, healthcare companies must have a proper plan in place to protect and recover data in a timely manner. Without a clear cybersecurity strategy, companies run the risk of losing valuable customers and suffering severe reputational damage.
For further insights and proven solutions, see the full article by Gerry McCarthy of TransUnion Healthcare in Becker’s Hospital Review.