South Dakota Plastic Surgery Association Data Breach Potentially Exposes Patient Records

Media Division | July 28, 2017

Cyber security is an ever fluctuating proposition. As threats are continually developed to be more adept and clever at bypassing our methods of defense, so must we constantly adapt our cyber security to thwart these new and updated threats. Unfortunately, many organizations tend to stagnate when it comes to their cyber security. They implement the immediate necessities and then do not really do much to improve that security as the landscape changes. This leads to them falling victim to a number of potential threats, which is likely a large reason that we continue to see numerous breaches and attacks all around the country and globe. Like in a recent incident involving the Plastic Surgery Association of South Dakota, in which they were hit by ransomware.

On Thursday, a news release was issued in which the association said they had discovered the ransomware in their systems on February 12th. They had then hired third party experts to determine what had been accessed and remove the threat. The investigation found that most patient records were not accessed, but they were unable to find all necessary evidence in the clean-up. On April 24th, they decided they could not say conclusively that all patient data was protected. The center is notifying around 10,200 people in regard to the attack, and the information potentially exposed could include patient names, addresses, dates of birth, Social Security numbers, driver’s license or state ID numbers, credit card data, diagnosis information, medical conditions, insurance data, and lab results. According to the release, no evidence of misuse of the patient information has been found, but they are notifying patients as a precaution. They are reporting the occurrence to the US Department of Health and Human Services, as well as working to increase safeguards. In addition, they are offering credit monitoring through Credit Watch and Equifax for a year.

The Association’s Handling of the Breach

It sounds as though the association is handling the breach quite adeptly. Not only are they taking all of the necessary steps to remediate their systems, but they are also looking out for those potentially affected, which is something many organizations neglect in a breach. It is vital to let those potentially affected know that the situation is being addressed and that their protection is important to the organization. Anything less can result in further detriment to the organization down the road, such as reputational and trust damage, and lost business and revenue. It is especially commendable that the Plastic Surgery Association is taking these steps even with there being no conclusive evidence that data was compromised or misused.

The Need For Further Attention on Cyber Security

As mentioned above, the reality is that far too many organizations do not place enough attention upon keeping their cyber security up to par. The threat landscape is quite broad these days, and basic cyber security is simply no longer enough. While antivirus and firewalls will always be a vital part of the scene, these cannot handle the job by themselves. It now requires predictive and proactive tools like monitoring and intelligence, as simple defensive and reactive methods cannot be counted on to defend from many insidious threats in the modern landscape. There is also the matter of maintaining current tools and implements through updates and patches. Many individuals and organizations like to think that it is not a big deal to put off those updates that continually pop up on devices, but this can be dangerous, as they frequently contain important security patches. Massive Alliance offers several tools and services that can help organizations to bolster their cyber security.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.