looking out rainy window

Hackers Have Started Ransoming Patient Data… to the Patients

As if having your medical data compromised wasn’t bad enough… Now your medical secrets are being held hostage!

It’s a breezy but sunny afternoon.  You’re going about your day, minding your own business when you receive a random text message from an unknown number saying that they have personal medical information about you that they will release, unless you pay up… Complete with photographs.

You text a few of your friends telling them, “Very funny!” but soon you get a sinking sensation in the pit of your stomach when you come to the harsh realization that this isn’t a practical joke.

Only your closest of friends knows about your embarrassing medical condition.  You don’t discuss it on social media.  They only way a stranger could find is through your medical records, but how could that be?  Isn’t your personal medical data secured? Was your healthcare provider hacked???

You want to throw up.  How can you every trust your doctors again?

Being notified by your healthcare provider that your electronic personal health information (ePHI) has been compromised is a horrible feeling all on its own.  And being the provider that has to inform their patients is also harrowing.  But imagine that YOU are the one notified by a PATIENT that this has occurred, after they received a ransom from the cybercriminal!  Is there much worse of a feeling than losing the trust of your patients because of your own negligence?

Could this really happen?

The sad reality is that, yes, it could.  And it has.

As of today, it’s not exactly a common occurrence, but it’s happening more and more often as healthcare providers are targeted with more frequency.  Not only are the hackers demanding a ransom from the medical practice, but also from the patients themselves.

This is precisely the scenario that The Center for Facial Restoration (TCFFR) of Miramar, FL found themselves in late last year.  TCFFR’s lead physician, Dr. Richard Davis, MD, received a ransom demand after their server was breached on November 8, 2019.  This, in and of itself is (unfortunately) NOT an uncommon occurrence.  What IS uncommon, however, is what they discovered next, that the hackers were ALSO ransoming the individual patients, as well.  They claimed to have complete access to patients’ PHI and threatened to release the data, complete with photos, if their demands weren’t met… by the patients.

This has had a massive impact on not only the patients, but the company, as well, whose fate is still up in the air.  As you can imagine, their patients have lost a lot of faith in the practice, and may not fully recover.

Could this happen to my practice?

Unfortunately, this could happen to practice whose cybersecurity is not up to snuff.  HIPAA compliance may seem like just another thing to put on your To-Do list, but there’s a reason it exists… To protect your patients.

Would your practice be able recover from an incident like this?  A lot would not be able to.  From HIPAA penalties, to ransom, to the complete loss of patients’ confidence, that would be difficult for anyone.

Fortunately, Petronella Technology Group has you covered.  We are HIPAA and Cyber Security experts.  Not sure if you are HIPAA compliant?  We can help with that, as well.  Just schedule a free consultation with Craig by clicking here, or call us at 919-422-2607.  Don’t wait until it’s too late.