Healthcare entity leaves its patients exposed after breach



Athens Orthopedic Clinic (AOC) in Georgia suffered a cyber-attack in June of 2016 that impacted roughly 200,000 patients. If that's not bad enough, AOC is not able to pay for extended credit monitoring for its victims. The healthcare industry, including small, single-doctor practices, needs to sit up and take notice. Cyber criminals are at your back door, at your front door, and trying to crawl through your networks. You need to take action to Defend, Detect, and Defeat cyber breaches before criminals steal your patients' PHI. Remember, it's their valuable data; you're responsible for protecting it.

If you, as a physician, went to your bank and asked for $50,000 to buy a new car and the bank said, "Oh, well, we had a cyber breach two months ago and it looks like your credit is locked because of several large unpaid loans," how would you feel? You didn't take out any loans; you don't have bad credit. Would you feel happy? Elated that your bank failed to notify you? Or lucky to know you can't use your credit anymore? Probably not. You're going to be infuriated that the institution you trusted with your money failed to protect it and even failed to protect your credit.

Now, take that one step further: the PHI you maintain can be used to create new identities and completely new and separate credit and debt using another person's identity. The bank and credit situation can be stopped and rectified fairly easily and quickly compared to identity theft, which can take years to clean up and even longer to recover from the damage it causes.

The lesson learned from AOC is to take action now: be proactive in hardening your electronic, networked computer systems. Put a security plan in place to protect your PHI. Have a breach notification plan in place. And purchase insurance that will help you recover and protect your patients in the event of a cyber-breach. You should also work on being HIPAA compliant, since it now focuses on your technology and security plan and level of compliance.

For more details on the AOC breach, read the article by Dan Bowman on FierceHealthcare.

Protect your patients, protect your practice, protect yourself™.

Robert Felps
About the Author

Innovative problem solver. Robert Felps takes a holistic view of the situation, understanding the business objectives, then architects a solution that exceeds the expectations for much less than standard industry solutions would cost.
