In 2016 the notorious hacking group "thedarkoverlord" (TDO) breached the Athens Orthopedic Clinic, stole the records of over 600,000 patients and demanded a ransom. The stolen data included confidential health information and Social Security numbers. TDO held this information for several months during the summer of 2016 and posted the data on the dark web. Beyond a class-action lawsuit, the clinic later paid $1.5 million to settle with the HHS Office for Civil Rights (OCR), which had investigated the breach for HIPAA noncompliance.
During the investigation, it was revealed that the Athens Orthopedic Clinic had not maintained HIPAA policies or business associate agreements with many of its business partners. In addition, the clinic had not given its employees updated HIPAA training and had no systems in place to monitor its network for threats. Because of these weaknesses, the clinic entered into a corrective action plan (CAP) with OCR. Under the plan, the clinic must review its vendor relationships and its network controls to bring them up to HIPAA's security requirements, and it must revise its policies and procedures to confirm that they meet current HIPAA and security standards.
See how the AgileBlue Machine Learning + User Behavior Analytics SOC-as-a-Service can help keep you safe from a breach: schedule a demo.