After a data breach that potentially exposed the records of 200,000 people, Athens Orthopedic Clinic CEO Kayo Elliott said that the provider cannot afford the common practice of paying credit monitoring fees for those patients.
"We truly regret that we are not able to spend the many millions of dollars it would cost us to pay for credit monitoring for nearly 200,000 patients and keep Athens Orthopedic as a viable business,” Elliott said in a statement. “I recognize and am truly sorry for the position this puts our patients in.”
AOC said the information stolen includes names, addresses, social security numbers, dates of birth and telephone numbers, and in some cases diagnoses and partial medical history personal information of current and former patients. AOC stressed that no banking or payment information is stored at AOC and was therefore not compromised in the breach.
TRENDING: Precision medicine: Analytics, data science and EHRs in the new age
AOC said in a special message on its website that officials discovered the hack on June 28 and that it began on June 14, and immediately hired cyber-security experts and notified the FBI. Officials chose not to publicly disclose the breach so as not to interfere with the investigation or incite the hacker into a mass public release of data.
The hack was perpetrated through the use of a third-party vendor's log-in credentials. That vendor has been terminated, AOC said. They did not identify the vendor specifically but referred to them as a "nationally-known healthcare information management contractor.”
[Also: Security vendors ready ransomware decryption tools to help hospitals under cyberattack]
AOC also said it also took several weeks to confirm which patients' information was taken, and what specifically was stolen. Once the hacker made some of the info public, however, AOC informed those who were potentially affected and the public at large, putting statements on their website and social media, and working on a mass mailing of letters to the 200,000 affected patients.
Elliott said the hacker has attempted to extort a large ransom from them, and have expended significant resources making sure their system is now secure — though that may be little consolation to those whose information was compromised and worry about potential fraud.
Twitter: @BethJSanborn
