Eye Patient Data Exposed in Data Breach
- By Dawna M. Roberts
- Published: Jun 30, 2021
- Last Updated: Mar 18, 2022
Another cyber-attack on an eye clinic in Iowa may have exposed patient data for hundreds of thousands of residents.
What Happened?
With offices across the state of Iowa, Wolfe Eye Clinic announced on Tuesday that they experienced a data breach in February where hackers gained access to their computer network.
In their public announcement, the company divulged that half a million current and past patient records were exposed in the data breach on February 8.
Immediately following the incident, Wolfe Eye Clinic hired a top cybersecurity forensic firm to investigate. However, the scope of the actual attack was not fully discovered until now.
A company spokesperson stated:
“Upon detecting this incident, we moved quickly to secure our network environment and launched a thorough investigation.”
The announcement continued with,
“The investigation was performed with the help of independent IT security and forensic investigators to determine the scope and extent of the potential unauthorized access to our systems and any sensitive information,”
“Given the complexity and scale of the cyber-attack detected, the full scope of information potentially impacted was not fully realized until May 28, 2021.”
What Information Was Stolen?
It took months for the investigation to be completed. The firm finished on June 8 and filed its report claiming that the information compromised by hackers included patients' names, addresses, dates of birth, Social Security numbers, and patient medical data protected by HIPAA.
The Ongoing Threat to Healthcare
2020 saw a severe uptick in attacks on healthcare organizations and hospitals. The trend is continuing into 2021, and not a week goes by without another report of a health provider breached and data exposed.
Malicious attacks on healthcare open up the possibility of identity theft for millions of patients. They also put lives at risk when healthcare providers cannot access the correct resources to treat patients.
Most smaller healthcare providers do not have the resources available to implement high-end security systems to keep invaders out.
Experts suggest that all healthcare organizations adopt a zero-trust approach to digital services. The theory behind it treats every connected device as a potential intruder until it is accurately verified, rather than the old-school approach of relying on firewalls and antivirus software, which has become much less effective.
Cybersecurity researchers believe that the best way to ensure protection is to remove passwords altogether. By making the login process safer and more efficient, healthcare companies will experience fewer attacks. Other side benefits include increased productivity and less downtime for IT services.
Some other cybersecurity tips for healthcare professionals include:
- Store patient data on systems that are not connected to the internet.
- Use two-factor or multi-factor authentication (biometrics) for logins instead of passwords.
- Train staff on phishing attacks and how they work.
- Never click links in emails or download attachments.
- Encrypt all data so if it is stolen or accessed, it will not be exposed.