A Dallas-based home health service provider recently disclosed that unauthorized individuals gained access to its network and used ransomware to encrypt files. The breach was detected when staff members were unable to access files.
An ensuing investigation determined the network was accessed sometime between June 15 and June 29, 2022. During that time, files containing names, addresses, dates of birth, SSNs, diagnosis information, and medical information were exfiltrated from the network.
The incident was reported to the Texas Attorney General’s office and the Office of Civil Rights as affecting a little over 124,000 individuals.
Attacks can shut an office down.
Attacks like this one have the potential to shut down a practice for weeks or months. Some dental practices have permanently shut their doors due to the human and financial costs of dealing with a breach less than a quarter the size of this one.
The first preventative steps are easy to take—and powerful.
Don’t put your head in the sand and hope for the best. Ransomware attacks are becoming more sophisticated by the day. Prevention is a multi-faceted defense that starts with the simplest pieces to put in place.
- If your practice’s privacy officer (every covered entity is required to have one!) hasn’t conducted a HIPAA risk assessment in the past 12 months, that’s the best place to start. It will help identify chinks in your PHI armor.
- Regularly educate and re-educate your staff on how the latest threats present themselves, and review the basics of protecting PHI. It’s really easy for your staff to become complacent when faced with a threat that they can’t see or touch.