Now that 47 states and the federal government have enacted breach notification laws, there is a growing awareness among the general population about data breaches, according to a recently released consumer survey by the Ponemon Institute, which had a 2005 survey for comparison.
In that earlier survey, 12% of respondents indicated they had been contacted about a breach involving their personal information. In the recent survey, that number more than doubled to 25% (708 who said they had experienced a breach out of 2,832 respondents to the Web-based survey.)
The survey, sponsored by Experian, the credit bureau that sells identity theft protection services, broadly assessed consumer attitudes and experiences about breaches across an array of industries, healthcare information breaches included.
Ten percent of those who had experienced a breach of their records said their medical and healthcare records were lost or stolen, with 5% saying the breach involved their health plan provider account numbers and 3% their prescriptions. Eight percent said they had received breach notices from hospitals or clinics, 2% from an insurance company and 9% from a state or local government agency.
Just 35% of respondents who reported having experienced a breach indicated it was only one. Another 30% had been through two breaches, 14% three and 7% four, 5% five and 9% more than five.
Asked “What personal data if lost or stolen would you most worry about?” Sixty-five percent of respondents indicated it would be their prescription records, which tied for fifth along with credit card or bank payment information among 22 ranked responses. Respondents were more fearful of losing their password or personal identification number (92%), Social Security number (89%) and “social media accounts/handles (68%).
Asked “How concerned were you when you received the (breach) notification?” Forty percent of respondents selected “very concerned” and 48% “concerned.” Meanwhile, 62% indicated the breach “decreased my trust and confidence in the organization,” so much so that 15% indicated they “would, or already have,” discontinued their relationship with the organization, another 39% said they might break ties over the breach and 35% said they won’t “as long as it does not happen again.”