As the old saying goes, a chain is only as strong as its weakest link. When it comes to cybersecurity, you might not even be in charge of your weakest link.
Radiology Center, a third-party partner of the McLaren Medical Group, was notified that their computer system had been hacked. They discovered that a number of patient records had been accessed without authorization, but they couldn’t determine whether any other 106,000 records had been accessed as well. The data breach took place five months before Radiology Center notified McLaren, saying they wanted to complete the investigation first.
The information available in the patient records included Social Security numbers, contact information, personal information, and medical information.
The lesson here is that even if your medical practice (or any other business) takes every possible precaution, your vendors, partners, or other parties with access to your sensitive information might not take as good care of it as you do. When partnering with another company, make sure you take the time to vet their cybersecurity procedures and practices.