We all have to trust our doctors with very private information. For many, that's been compromised by a cyberattack. Nearly 90-000 thousand Bay area patients may be at risk.
“It’s painful, it really is,” says Dr. John Wachter from Eye Associates of Pinellas.
He prides his practice on helping people. Now, he and staff have to focus on notifying some 87,000 patients, at their 3 locations that their name, address, date of birth, even Social Security numbers could be in the hands of hackers.
“We all try to do the best we can to protect information, and every time you put another safeguard in there's someone out there trying to work its way around it,” says Wachter.
It's part of a nationwide security breach.
The company Bizmatics provided Eye Associates and 15,000 other practices with medical files software. Bizmatics’ server got hacked exposing thousands of patients' files.
Recent data breaches affecting Florida's Palm Beach County Health Department, Wisconsin's Oneida Health Center, and Arkansas' Pain Treatment Centers of America (PTCOA) and Interventional Surgery Institute (ISI) have exposed another 23,000 patients' personal information.
“We had a few patients who have had their credit card stolen, but I've had my credit card stolen three times in the last two years. It’s hard to pinpoint where the source is,” says Wachter.
Patient Richard Sanchez received a letter in the mail from Eye Associates explaining the hack. It impacts patients prior to Nov. 15, 2015, when the practice change software systems.
To read the letter: http://www.eyeassociatesofpinellas.com/2-eye-conditions/56-patient-breach
“It's almost like, maybe not robbing your house, that's the old way, the new way is get into your computer,” says Sanchez.
Everyone's urged to sign up for identity theft monitoring. It's free for patients, but for now Eye Associates has to foot the bill.
“I actually blame the outside vendor,” Sanchez says.
Bizmatics believes the hack happened in January 2015, but didn't confirm the breach for more than a year. In that time, Florida Center for Cybersecurity at USF experts say patients’ information can be sold on the black market or used for identity theft.
“I took advantage of getting the credit reports and things like that, and that's what everyone should do. I think you just have to be diligent,” says Sanchez.
To protect your personal information, Jay Davis at the Florida Center for Cybersecurity at USF says it’s important to sign up for theft monitoring, pull a copy of your credit report to double-check that no unauthorized activity has taken place, if you notice anything out of place on your credit report, put a freeze on your report. This will prevent future applications from going through without knowing. You should also monitor all financial accounts for suspicious charges, call your issuer to dispute the charges, and have the card replaced should any fraudulent charges appear. And don’t forget to change your passwords on accounts regularly, using unique passwords for each accounts.