Data Breach and HIPAA Compliance

There was a recent data breach at a dental clinic, Advantage Dental, that leaked 151,000 of its customers’ sensitive data. Advantage Dental, like many small businesses, started with just one office and has grown to become a chain of dental clinics servicing the state of Oregon with many locations.

Their security was compromised on February 23, 2015 by malware on a workstation, and it was not detected by the Intrusion Detection system until three days later. The attackers were able to compromise an employee’s computer on the network through malware that had infected the system. A keylogger in the malware was then able to capture an employee’s username and password to their client database, which allowed the attackers to access all of their client data. It is thought that the attackers were able to access data such as patient names, dates of birth, phone numbers, Social Security numbers, and home addresses. All of this data would easily allow the attackers to steal the identity of any Advantage Dental’s patient. Advantage Dental is now paying for credit monitoring and identity theft monitoring for all of their affected patients. This attack was also considered a breach of HIPAA compliance.

Advantage Dental still considers themselves lucky, because the computer and employee’s credentials that were compromised did not have access to financial data and money transaction services. Had the malware been on another computer or had compromised a different employee, repercussions could have been far worse. This breach demonstrates how one computer infected with malware can be a threat to an entire network and business.

InfoTECH Solutions provides many different solutions to help combat data breaches like this one. All of our IT/365 Managed Service Plans include anti-virus and basic monitoring. With IT/365 Managed Service Plan 2 and above we are able to keep your systems up-to-date with the latest Windows patches and many other third-party patches, helping keep your systems and network protected from common vulnerabilities and exploits. We can also help you find the right Intrusion Prevention system or Intrusion Detection system for your business, making your network safer for your employees and sensitive data. We are even available for technology training for your staff.

If you are not subscribed to our IT/365 Managed Service (Plan 2 or higher) contact sales@infotech.us for more information.

Also, feel free to reach out to our Accounts Executive, Josh Cormie, if you have any other questions—such as upgrading from Windows Server 2003—at josh@infotech.us.