Jackson Stevenson Eye Clinic*
- Malware installed on two computers, likely through phishing scam, captured screen shots of patients' sensitive information
WHAT DATA WAS COMPROMISED?
- Social Security Number, Date of Birth, Home Address, Phone Numbers, Dates of Service, Medi-Cal ID Number, Medicare ID Number, Insurance Information, Treatment Information, Medical History, and more.
WHAT WERE THE CONSEQUENCES?
- Clinic sent this data breach notification letter to all current and former patients
- Clinic hired information technology consultant to diagnosis breach, remove malware, and improve security going forward
- Clinic answered phone calls about data breach for months following incident, reducing productivity
- Estimated cost: $92,750
HOW COULD ARIENTO HAVE HELPED?
A subscription from Ariento could have helped in these ways:
- Minimum privilege access control policy wouldn't have allowed user to download malware without approval
- Managed firewall may have prevented malware from being available to download
- User training & awareness would have trained user re: phishing scams, potentially preventing incident from happening
- 24/7/365 security monitoring would have enabled clinic to narrow down and notify only affected patients as opposed to all current and former patients, reducing number of customers lost
- 24/7/365 security monitoring may have caught breach quicker, therefore limiting damage
*We have changed the name of the firm involved in this case study in order to protect their identity