So many breach disclosures get overlooked during the last week of the year as people focus on family and other issues. In addition to the Prestera and Mattapan news releases that appeared on December 31, I also came across a media report out of Georgia involving Five Points Eye Care in Athens, Georgia. On October 27, they experienced an attack involving their email system. They detected it the same day, and as Tim Bryant reports, “The access was limited to correspondence sent to their office from other treating physicians.”
The incident was reported in the media on December 28, and by then, affected patients had already been notified and offered credit monitoring, even though they had found no evidence of misuse by that point.
Their incident response sounds somewhat admirable: quick detection, notification to law enforcement, bringing in IT to investigate and strengthen security, and notifying those affected.
Well done, Five Points Eye Care. Well done.