Peachtree Orthopedics has announced a hacker gained access to a patient database containing names, addresses, dates of birth, email addresses, treatment codes, prescription records, and Social Security numbers. The breach notification letters sent to patients on October 7, 2016 explain that the hacker potentially stole the contents of the database.
The data breach was discovered on September 22. Rapid action was taken to secure patient health information and block data access. Outside IT security experts were also brought in to conduct a forensic examination and ensure that its systems were secured to prevent future breaches of ePHI. The FBI was also informed and is investigating the breach.
Data theft was not confirmed but it could not be ruled out. Patients have therefore been offered a year of credit monitoring and identity theft protection services through Equifax to protect them from fraudulent use of their data.
Peachtree Orthopedics operates 9 clinics throughout metropolitan Atlanta and serves thousands of patients in Cherokee, Cobb, Forsyth, Fulton and Gwinnett counties. It is unclear at this stage how many individuals have been affected by the breach. That will not be known until the incident appears of the breach portal maintained by the Department of Health and Human Services’ Office for Civil Rights.
The breach has prompted Peachtree Orthopedics to review its security controls and additional security measures are being implemented to further protect patient data.
Hackers have long targeted the healthcare industry due to the high value of patient health data. Healthcare records are ten times as valuable as credit card numbers making healthcare organizations attractive targets for hackers and data thieves. Healthcare organizations are more complex that organizations in other industry sectors, and protecting critical data is much harder. Security controls are often much less robust than organizations.
To date, there have been 80 healthcare data breaches reported in 2016 that have been attributed to hackers. Those security breaches have resulted in the exposure and/or theft of 11,368,599 healthcare records.