
Summit Pathology Laboratories Sued Less than 48 Hours After Notifying 1.8 Million Patients of a Breach, According to DataBreaches.Net

Well, my friends, there’s a bit of a kerfuffle in the world of healthcare and cybersecurity at the moment. Have you heard about it? It happened over in the States, in Colorado, at a company called Summit Pathology. Pull up a chair and I’ll give you the lowdown.

So, in the latter part of October, it came out that Summit had suffered a bit of a breach, a fair bit bigger than a ‘bit’ if we’re being honest, affecting a whopping 1.8 million patients. Shortly after, injury lawyers were sniffing around for possible compensation cases.

A woman by the name of Karen Alexander discovered that Summit had sent the breach notifications for her and her family to an old address. In response, she did what any red-blooded person might do when they’re miffed: she took them to court.

However, there is nothing in her legal complaint that jumps out as particularly unusual in the way of HIPAA or FTC Act allegations. What really ticked her off is that when she rang Summit’s call centre, they wouldn’t post the notification letters to her new address. Instead, they offered to read them out over the phone and suggested she sign up for the free protective services on offer.

In terms of concrete injury or harm, Karen points to a rise in pesky spam messages since April that she suggests could be connected to the breach. But does all this add up to a big deal? Let’s dig a bit deeper.

According to Summit’s notification letter, they clocked some dodgy activity in their computer systems around mid-April. The affected system held all sorts of data, from names and addresses to medical and billing information, and even the sensitive stuff like Social Security numbers and financial information.

However, mum’s the word at Summit. They’re keeping schtum on the nitty-gritty, such as how the cyber miscreants got in or whether it was a ransomware incident. For now, no cybercriminal group has put its hand up to claim responsibility.

At this point, the questions are coming thick and fast:

Did Summit have two-factor authentication switched on? How exactly did the hackers get in? It could have been an unsuspecting employee falling for a phishing email, or credentials that had already been stolen in some other attack. Who knows?
How long were these digital robbers snooping around in the systems nicking data before anyone noticed? Mid-April is when the activity was spotted, not necessarily when it started.
Why on earth was unencrypted patient data sitting on that system? (Mind you, encryption at rest only helps if the attackers didn’t also walk in with a valid login or the keys.) And were all 1.8 million of those people current patients, or was data on former patients being kept around longer than it needed to be?
What additional security measures have they put in place now that, ideally, should have been in place earlier to prevent such a breach?

I sent off an inquiry to Summit for a bit of clarity, but I haven’t heard a peep yet. However, you can bet your bottom dollar I’ll keep you updated once I get wind of more information.

So, there you have it: a perfect storm of healthcare data, shifty hackers and a frustrated patient. The moral of the story? With threats to patient data on the rise, it’s never too soon to tighten up your security. Remember, an ounce of prevention is worth a pound of cure.

by Parker Bytes
