A ransomware attack occurring on January 13 affected up to 100,000 eyecare patients. The Arizona eyecare breach targeted Cochise Eye and Laser, maliciously encrypting their patients’ files. More details are discussed below.

Cochise Eye and Laser Eyecare Breach

Cochise Eye and Laser runs three eyecare medical offices in Arizona, treating thousands of patients. On January 13, 2021, Cochise Eye and Laser was targeted by a ransomware attack that compromised their billing and scheduling medical practice software. Upon gaining access to the medical practice software, the hackers maliciously encrypted the files so that Cochise could not access patient files.


Although there was no evidence that hackers stole the affected files, in some cases they altered and deleted patient files during the medical practice software data breach.

As a result of the eyecare medical practice software data breach, Cochise was forced to rely on paper charts. Additionally, they have had to reschedule follow-up appointments for all patients seen after January 1, 2021, as they cannot determine when patient appointments were originally scheduled.

Protected health information potentially accessed during the eyecare breach included patient names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers, as this information was stored in their billing software.

Cochise is currently working on improving their cybersecurity by implementing increased security measures to prevent medical practice software data breaches. They are also in the process of restoring data and implementing new offsite data backup.


How to Prevent Breaches

There are several ways in which healthcare organizations can increase their overall security and prevent medical practice software data breaches, many of which are HIPAA requirements.

Risk Assessments and Remediation Plans

Risk assessments are arguably the most important part of determining the overall security health of an organization. Conducting a risk assessment allows for vulnerabilities in an organization’s safeguards to be identified. As a HIPAA requirement, healthcare organizations must conduct annual risk assessments to account for changes in business operations. 

Additionally, organizations must implement remediation plans to address identified gaps and vulnerabilities. Remediation plans bolster an organization’s overall security posture.

User Authentication and Encryption

User authentication is a means for determining whether or not an entity attempting to access data is a trusted party. The best way to implement user authentication is through multi-factor authentication (MFA). MFA requires users to input multiple unique login credentials, such as a username and password in combination with security questions, before they can access data. MFA prevents unauthorized access to data because, even if a hacker has access to an employee’s login credentials, they will be unable to access data unless they also have access to the employee’s other login credentials.

Another way to prevent unauthorized access to data is through encryption. Encryption masks sensitive data so that it is unreadable to entities that don’t possess a decryption key. As such, even if an unauthorized user gains access to an organization’s network, they will be unable to read sensitive data.

Access Controls and Audit Controls

Part of HIPAA