DataBreaches really and truly does not understand how entities can take so long to investigate some breaches before disclosing them. If HHS feels that seven months from the first detection of an attack to notification is reasonable or acceptable, then let it change the regulations. If it is not acceptable and HHS wants entities to adhere to the 60-day regulation, then start enforcing it.
The following is another example of long gaps between initial discovery and notification. It is certainly not the worst we have ever seen, but if data is in the hands of ne’er-do-wells, people need to be notified promptly.
And again: let’s stop with the “out of an abundance of caution” crap.
MIDDLEBURG, Pa., July 8, 2022 /PRNewswire/ — Family Practice Center (“FPC”) announced that it suffered an attempt to shut down its computer operations on October 11, 2021. That attempt failed and FPC was still able to treat patients and provide service to the community. FPC immediately launched an investigation to determine what happened and what information may have been accessed by an unauthorized person during the incident. On May 21, 2022 the investigation revealed that some of the files accessed contained personal information of patients and who those patients may be.
Although FPC has no evidence that any information has been misused, out of an abundance of caution FPC is providing notification to patients whose information may have been involved in the incident. The potentially affected information included names, addresses, medical insurance information, and health and treatment information. Patient medical records were not involved in the incident. For a small group of patients, Social Security numbers were involved. On June 30, 2022, FPC determined current address information for the potentially involved individuals in order to effectuate written notification of the incident.
FPC immediately contacted independent cybersecurity professionals to assist in protecting patients and advise on preventing unauthorized disclosures in the future.
FPC will be notifying potentially impacted individuals of this incident by letter. The letters include information about this incident and what steps those individuals who had their information exposed can take to monitor and protect their information.
FPC has established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time and can be reached at 1-833-909-4308.
FPC are not aware of the misuse of any patient information resulting from this incident.
Family Practice Center operates full service medical facilities headquartered at 7 Dock Hill Road, Middleburg, PA 17842.
SOURCE Family Practice Center