Here’s a great way to destroy any trust your patients might have in you. Madeleine Damo reports:
Staff at a western Sydney radiologist – recently hit with a cyber attack – were told to tell concerned patients the breach was “an operational IT issue”, while also fielding harassing phone calls from hackers themselves.
Imaging and diagnostics provider, Quantum Radiology, which operates 10 clinics across Sydney, including Nepean Radiology on High St, fell victim to a cyberattack on November 22, when an “unauthorised third party” breached the company’s IT system and “encrypted its contents” which included patients’ Medicare numbers, identifying information, claim details, image scans and reports.
A formal notification acknowledging the cyber attack was posted to Quantum’s website, which stated practitioners at each clinic had been informed and asked to assist in notifying patients.
The nature of the attack was also confirmed to staff in an email.
However, an additional email sent internally in the days following instructed staff to tell patients there had been “an operational IT issue” under a set of directions headed “what to tell patients”.
In other words, don’t tell patients that there was a ransomware attack in which their data was encrypted and their personal and protected health information acquired by the criminals?
This is why we need firm laws requiring disclosure and prohibiting deception or minimization in disclosures.
Read more at Daily Telegraph.