News and Updates on Information Technology

United States – Fondren Orthopedic Group

Exploit: Malware attack
Fondren Orthopedic Group: Orthopedic healthcare services provider

Risk to Small Business: 1.555 = Severe: A malware attack destroyed a number of the medical provider’s patient records. The incident was first discovered in November 2019, but IT administrators only recently identified the permanent damage to their digital records. As a result, patients have to complete new patient information forms that include detailed medical histories. Given the sensitive and incredibly important nature of this information, this attack could negatively impact patient care, and it will undoubtedly invite regulatory oversight.

Individual Risk: 2.285 = Severe: Fondren Orthopedic Group noted that there is no evidence of patient information being compromised. However, the lost data includes patients’ names, addresses, phone numbers, treatment data, and healthcare information. It stands to reason that if hackers can erase patient data, then they can also use it for other nefarious purposes. Those impacted by the breach should carefully monitor their online accounts for unusual or suspicious activity, and they should scrutinize digital communications because compromised data is often redeployed in spear phishing attacks.

Customers Impacted: 30,049
How it Could Affect Your Customers’ Business: After this devastating malware attack, Fondren Orthopedic Group announced an update to their cybersecurity practices, a move that is too little, too late for the thousands of patients impacted by the breach. There are many steps companies can take to mitigate the risk of a data breach, but those steps need to be taken before an incident occurs. Otherwise, these measures serve as vanity metrics as opposed to a defensive strategy.