HHS estimates 7,012 individuals may be affected by the attack, in which scammers got unauthorized access by sending a malicious email at the practice. After learning of the malicious email, Georgia Spine & Orthopaedics took actions to terminate the unauthorized access.
The phishing incident occurred July 11. Georgia Spine & Orthopaedics officials said, “Because of the way the email account was accessed, a desk copy of certain emails was potentially saved onto the computer of the unauthorized third party — likely unintentionally, but we had to assume that the third party retained a copy of the data.”
An investigation of the incident found the mailbox of the attacked computer included patient names and other information found in medical records. A few emails contained Social Security numbers and/or driver’s license numbers.
The unauthorized access did not extend outside of the single email account. Georgia Spine & Orthopaedics is notifying patients who may have been affected.
More articles on practice management:
See what CMS pays ASCs vs. HOPDs for 6 orthopedic procedures
Mississippi hospital 1st in US to use new spinal technology: 3 insights
OrthoNebraska Hospital targeted in international ransomware attack: 5 things to know
At the Becker's 23rd Annual Spine, Orthopedic and Pain Management-Driven ASC + The Future of Spine Conference, taking place June 11-13 in Chicago, spine surgeons, orthopedic leaders and ASC executives will come together to explore minimally invasive techniques, ASC growth strategies and innovations shaping the future of outpatient spine care. Apply for complimentary registration now.
