Dive Brief:
- Following a recent data breach, Athens Orthopedic Clinic said it will not pay for extended credit monitoring for affected patients.
- Paying for extended credit monitoring for nearly 200,000 patients would cost millions and could put Athens Orthopedic Clinic out of business, according to CEO Kayo Elliot.
- The provider is urging patients to be on the lookout for indications that their personal information was part of the breach and to contact credit reporting agencies.
Dive Insight:
Athens Orthopedic Clinic will not offer credit monitoring services to patients potentially affected by a data breach discovered on June 28. Information on up to 200,000 patients was compromised.
“Many patients are upset and frustrated with the situation,” Athens Orthopedic Clinic CEO Kayo Elliot was quoted in the Athens Banner-Herald. “And of course, they wish we could pay for extended credit monitoring. So do we. We truly regret that we are unable to do so, as we are not able spend the many millions of dollars it would cost us to pay for credit monitoring for nearly 200,000 patients and keep Athens Orthopedic as a viable business. I recognize and am truly sorry for the position this puts our patients in.”
Extended credit monitoring is generally offered to patients when a data breach occurs.
The data breach occurred when hackers accessed medical records on June 14 using log-in credentials belonging to a third-party vendor. Athens Orthopedic has terminated its relationship with the vendor, notified law enforcement, informed patients that their records may have been compromised and hired a cybersecurity team to prevent future incidents.
Despite efforts to gain control over the situation, around 500 patient records from Athens Orthopedic were put up for sale on the black market by a hacker group known as the Dark Overlords. Information up for sale includes Social Security numbers, dates of birth, phone numbers and medical records. The same hacker group has accessed and tried to sell at least 9.3 million patient records accessed from different health information databases.