Lessons Learned From The Athens Orthopedic Data Breach

Data breaches seem to have become a daily headline that causes readers to catch their breath each and every time. This knee-jerk reaction is for good reason. According to the Office of Civil Rights (OCR), in 2015 there were approximately 253 reported healthcare breaches that resulted in the combined loss or comprising of over 112 million records. As data breaches continue to grow, the vast majority of the population is left wondering what they can do to not only protect themselves, but repair the damage if their information is stolen during a breach.

Data Breach

What Does The Athens Orthopedic Data Breach Mean For Affected Patients?

Many companies will not disclose the exact cost of a data breach; however, IBM recently reported that in 2016 the average cost of a data breach was approximately $4 million. This figure equates to a loss of $158 for each stolen or lost record containing sensitive or confidential information. The recent Athens Orthopedic data breach is a prime example of some of the additional costs that are associated with each breach.

Brief details of the Athens Orthopedic data breach are as follows:

  • The hack occurred on June 14, 2016, but was not discovered until June 27, 2016.
  • A reported 200,000 – 400,000 patients were affected.
  • According to the clinic, “We believe that the information taken includes your name, address, Social Security number, date of birth, telephone number and account number, and may include your diagnosis and medical history.”
  • Athens Orthopedic will not offer credit monitoring services to the affected individuals of the recent data breach.

The most alarming part of the Athens Orthopedic data breach is not that up to 400,000 individuals were possibly affected, it is that the clinic refuses to offer credit monitoring services to the affected patients. It is important to note, that when a company is suffers from a data breach, it will typically offer the affected individuals credit monitoring services (at no charge to the individual). Many view Athens Orthopedic’s decision to skip the credit monitoring services, on account of the cost, as a failure to properly respond to the data breach.

In response to the frustrations of affected patients, Kayo Elliott, CEO of Athens Orthopedic Clinic, said in the statement, “ … And of course, they wish we could pay for extended credit monitoring. So do we. We truly regret that we are unable to do so, as we are not able spend the many millions of dollars it would cost us to pay for credit monitoring for nearly 200,000 patients and keep Athens Orthopedic as a viable business. I recognize and am truly sorry for the position this puts our patients in.”

Lessons Learned From The Athens Orthopedic Data Breach

There are several lessons to be learned from Athens Orthopedic Data Breach:

  1. When a company suffers a data breach, the affected individuals, through no fault of their own, might have to shoulder some of the costs.
  2. Individuals should consider protecting themselves with additional credit monitoring services as a precautionary measure.
  3. The cost of a data breach is more than a financial number to the majority of companies. For many, a data breach also costs companies their reputation, while simultaneously delivering a blow to customer service.
  4. It is far cheaper to spend the required funds to prevent a data breach, than it is to try and pay for the damages of a data breach of any magnitude.

Companies can learn from Athens Orthopedic’s data breach by taking the precautionary measures needed to protect their vital business data. Through the appropriate security protocols, cybersecurity education for employees, and leveraging best practice data protection measures, companies can proactively keep their data safe from current and future attacks. {Company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (330) 931-4141 or send us an email at info@qualityip.com for more information.