Most consumers don’t trust hospitals with their data: Survey

Two out of three consumers said they didn’t think large hospitals were as careful as they should be with their personal and payment information.

Healthcare organizations have some work to do to build trust with patients in handling their personal information, according to a new study.

Most of those surveyed said they weren't confident healthcare organizations were protecting their payment information and their personal information. The survey was conducted by Semafone, a Boston-based firm that provides data security for call centers.

Patients showed the most skepticism with large hospital systems when it came to their personal information. The study found 66% of respondents said they didn’t feel large hospitals handled their personal or financial information securely.

Overall, only 44% of respondents said they thought private practices were safeguarding their personal information.

“Regardless of size, the entire healthcare industry must do better at navigating and preventing data breaches,” Gary E. Barnett, CEO of Semafone, said in a statement. “The sheer number of breaches in and out of healthcare is problematic.”

Consumers are willing to switch healthcare providers if there was a data breach, the survey said.

Two out of three consumers (66%) said they would drop a provider if their personal information was compromised due to the provider’s lax security. Nearly 90% said healthcare providers should face financial penalties if they don’t have sufficient defenses to ensure the safety of patients’ personal information.

With more people paying healthcare bills electronically, hospitals face more pressure to keep data secure. Consumers are more willing to pay through websites, mobile app or via their phones, the survey found.

Many patients have their first contact with a healthcare organization through a call center. Healthcare systems need to consider call centers in their security plans, Barnett said.

"By breaching a single system in the contact center, cybercriminals can move from one network infrastructure to the next, jeopardizing the entire healthcare organization and putting sensitive patient data out in the open,” he said in a statement.

“We must take steps to curb these threats and answer the increasing demands of consumers to keep data secure with technology that is readily available," Barnett said. "If we don’t, the potential of exposing data could be reason enough for patients to leave healthcare organizations altogether."

Healthcare organizations across the country have endured breaches of their personal information.

Federal officials have warned that healthcare organizations are particularly vulnerable to cyber attacks. The federal government has reported nearly 600 breaches of healthcare organizations affecting at least 500 people in 2021.

Last month, federal authorities warned cyber attackers backed by the Iranian government are targeting critical infrastructure systems, including the healthcare industry. Attacks on critical systems have been occurring for months and one of the targets was a U.S. children’s hospital authorities said.

Most hospitals have dealt with cybersecurity threats, according to a Healthcare Information and Management Systems Society (HIMSS) survey in 2020. In that survey, 70% of cybersecurity professionals reported serious security incidents within the previous year.

The Semafone survey gauged responses from 1,000 U.S. residents between the ages of 18 and 65.

Last month, the federal government launched a new website to help healthcare organizations boost their cybersecurity defenses.