Wolfe Eye Clinic, based in Iowa, suffered a cyberattack that gave hackers access to its patient files. The eye care cyberattack potentially affected 500,000 patients who had been treated by the clinic. More details are discussed below.

How Did the Eye Care Cyberattack Occur?

It was recently announced that, on February 8, 2021, Wolfe Eye Clinic discovered that an unauthorized party had gained access to their computer network. Upon discovery of the eye care cyberattack, the clinic worked quickly to secure their network, and contracted a third-party security and forensic investigator to conduct an investigation.

The investigation, which concluded on June 8, 2021, determined that 500,000 patients potentially had their protected health information accessed by the unauthorized party. Although the information varied by patient, the data included names, mailing addresses, dates of birth and Social Security numbers, and for some patients it also included protected medical and health information.

Luke Bland, chief financial officer at Wolfe Eye Clinic, commented on the eye care cyberattack, “We take our responsibility to protect personal information in our control very seriously and apologize for any concern or inconvenience this may cause. We continue to closely monitor the situation and are committed to notifying past and present patients about what happened and what they can do to protect their information.”

Patients affected by the incident have received breach notification letters by mail. These patients have access to one year of complimentary identity theft protection and credit monitoring.

To read Wolfe Eye Clinic’s notice, please click here.

HIPAA Compliance Reduces the Risk of Cyberattacks

Did you know that organizations that are HIPAA compliant are better protected against cyberattacks? This is because HIPAA compliance and cybersecurity go hand in hand. Many of the requirements set forth by the HIPAA Security Rule improve your overall cybersecurity posture.

This includes the need to:

  • Conduct an annual security risk assessment
  • Implement remediation efforts to address risks and vulnerabilities to electronic PHI
  • Implement access controls and keep audit logs
  • Implement user authentication
  • Encrypt devices that create, store, transmit, or receive ePHI
  • Train employees on cybersecurity best practices

HIPAA compliance also enables you to recover more quickly should you be the victim of a cyberattack. In many cases, hackers demand ransom for the return of stolen files. Organizations that are HIPAA compliant maintain exact copies of patient data, and other business-critical data, in offsite data backup facilities. When you are HIPAA compliant, you will also have a disaster recovery plan, which includes procedures for quickly restoring your data from your offsite data backups.
