On June 14, a cyberpunk working under the name The Dark Overlord got an Athens Orthopedic Hospital record containing the reports of 201,000 patients. The attack was carried out by a third party seller that was utilized by the hospital.
Patient data were thieved and the cyber-terrorist tried to extort cash from the hospital. A danger was issued stating the files would be vended if a payment wasn’t made. When the hospital declined to pay, the files were registered for sale on darknet market TheRealDeal. The data contained patient names, Social Security numbers, account numbers, telephone numbers, addresses, dates of birth, and possibly medical histories and diagnoses.
Although healthcare cyber attacks typically lead to patients being presented a minimum of one-year credit checking as well as identity thievery safety facilities to alleviate danger, Athens Orthopedic Hospital has verified that its patients won’t be offered these facilities.
A representative for Athens Orthopedic Hospital released a report to the Athens Banner-Herald clarifying that the hospital doesn’t have enough money to afford extended credit checking facilities for 200,000 people. The charge of providing those facilities would be “several millions of dollars,” and there just isn’t the cash available.
Chief Executive Officer of Athens Orthopedic Hospital, Kayo Elliott, said: “We aren’t capable to devote several millions of dollars it would cost us to afford credit checking for approximately 200,000 patients and operating Athens Orthopedic as a feasible company.” Elliot made an apology to patients impacted by the breach, saying “I know and am really sad for the situation this puts our patients in.”
AOC trauma doctor Chip Ogburn, MD also said the Athens Banner-Herald “I guarantee you that every doctor is extremely worried about this breach of our duty to you and the relations that we have developed.”
The step has been taken to decrease the danger of future breaches and the agreement with the “healthcare information administration supplier” has now been ended. Patients have been directed to get in touch with credit reference organizations to place scam warnings on their records and to get credit reports to check for the scam.
The breach has already cost the hospital a substantial amount of money. 201,000 breach notice letters have been posted to impacted patients, an outer cybersecurity company was brought in to probe the breach, and measures have been taken to upgrade cybersecurity fortifications to avoid future cyber attacks. Nevertheless, those aren’t the only expenses that will have to be covered. No less than 2 law companies have issued news announcements requesting breach victims to contact to get their names included in class action litigations.