Well, mate, you probably wouldn’t guess it, but there’s a right pickle going on over at The Pacific Pulmonary Medical Group (PPMG) in California. Seems they’ve managed to lose a truckload of private patient details, and yet if you have a gander at their website right now, you wouldn’t sense a hint of bother.
Now, here’s what happened. On October 25, PPMG got roped into a cybersecurity nightmare. (You’ve got to wonder if it’s a trick-or-treat gone wrong, right?) They landed themselves on the ‘Everest Team’ dark web leak page. Now, you’re probably raising an eyebrow at the term- ‘dark web’, sounds ominous, doesn’t it? Let’s just say, it’s not a place you want your personal details to be!
Apparently, a batch of patient details dating from 2021 onwards found its way there. And, we’re not just talking about basic info- there were over 150 images of the front and back of primary and secondary insurance cards. Even some images of patients’ driver’s licenses. Talk about a right mess!
To add to the mass of information, there were also digital records, .csv files to be precise. Each file representing a couple of weeks and packed with personal and confidential health information of patients. Stuff like patient info- names, addresses, phone numbers, and even Social Security numbers. Then there’s the private health stuff like appointment details, billing information, insurance accounts, and other medical specifics. All right there, seemingly for the taking.
The last of these files goes back to early October. But this tells us this muddle likely kicked off somewhere around then, perhaps even before the whole of that two-week time span was logged. This ‘Everest Team’ lot, they’re thorough, you know.
Now, given the way these records are filed every two weeks, there’s no saying just how many individual patients have been caught up in it. But each file seems to represent somewhere in the range of 300 to 500 patient visits. Makes you pull a grim face just thinking about it, doesn’t it?
What’s baffling is there doesn’t seem to be a peep from PPMG on this yet- nothing on their website, and not so much as a submission to HHS’s public breach tool. Either they’re hoping this will miraculously vanish (unlikely, if you’re asking me), or they’re scrambling for damage control.
Naturally, the issue was brought to PPMG’s attention. However, at the moment, it’s a game of e-mail cricket, with no replies from either PPMG or Everest.
Forgive me, but it seems like a bit of a bungle, doesn’t it? And it’s not just the patient’s privacy that’s at stake here, it’s also a stark reminder for healthcare systems and their cybersecurity frameworks. Hopefully, this serves as a wakeup call, for the healthcare industry can’t afford slumber when it comes to data security.
by Parker Bytes