Jackson Stevenson Eye Clinic*

WHAT HAPPENED?

  • Malware installed on two computers, likely through a phishing scam, captured screenshots of patients' sensitive information

WHAT DATA WAS COMPROMISED?

  • Social Security Number, Date of Birth, Home Address, Phone Numbers, Dates of Service, Medi-Cal ID Number, Medicare ID Number, Insurance Information, Treatment Information, Medical History, and more.

WHAT WERE THE CONSEQUENCES?

  • Clinic sent this data breach notification letter to all current and former patients
  • Clinic hired information technology consultant to diagnose breach, remove malware, and improve security going forward
  • Clinic answered phone calls about data breach for months following incident, reducing productivity
  • Estimated cost: $92,750

HOW COULD ARIENTO HAVE HELPED?

A subscription from Ariento could have helped in these ways:

  • Minimum privilege access control policy wouldn't have allowed user to download malware without approval
  • Managed firewall may have prevented malware from being available to download
  • User training & awareness would have trained user re: phishing scams, potentially preventing incident from happening
  • 24/7/365 security monitoring would have enabled clinic to narrow down and notify only affected patients as opposed to all current and former patients, reducing number of customers lost
  • 24/7/365 security monitoring may have caught breach quicker, therefore limiting damage

*We have changed the name of the firm involved in this case study in order to protect its identity.