Georgia Spine and Orthopaedics of Atlanta discovered an unauthorized person gained access to an employee's email account through a phishing scam, and the incident was reported to HHS Nov. 16.
Here's what you should know:
1. The scammer compromised one mailbox July 11 after an employee opened a malicious link or document in an email that appeared legitimate.
2. The account contained patient names and other common medical information. A small number of emails contained Social Security numbers and driver's license numbers. The scammer likely retained a copy of certain emails.
3. In total, 7,012 individuals were affected.
4. GSO brought in technical and legal experts to investigate the incident and notified affected patients.
5. GSO urged affected patients to closely monitor account statements and credit reports and report any discrepancies to authorities. The organization set up a toll-free hotline to address patients' questions or concerns.
The organization published a notice on its website: "Unfortunately, phishing scams are hard to detect. Upon discovery of the incident, we promptly terminated the unauthorized access. We also engaged outside technical and legal experts to investigate the incident thoroughly to determine the full nature and scope of the access, to ensure our information technology systems are truly secure, and to identify (through a very tedious technical assessment and hand document review process) the exact emails that were actually accessed by the third party."
A representative could not be reached for comment at the time of publication.
More articles on turnarounds:
3 ways ASCs can cope when losing a volume leader
Gloves, scalpel, teddy bear — Toys calm Surgery Center at Sawgrass pediatric patients
The benefits and drawbacks of a salary model for physicians: 3 points