Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Thousands of Heart Patients’ Data Exposed, Could Employee Training Have Stopped It?  

March 29, 2022

According to a recent article on Infosecurity-Magazine.com, South Denver Cardiology Associates (SDCA) was forced to issue a privacy incident notice to its patients after an apparent data breach.

According to the notice, posted on the company website, the firm first identified suspicious activity on its network on January 4th, 2022, and immediately initiated its incident response protocols. At around the same time, an investigation was started with the help of a third-party computer forensic firm and law enforcement. It was determined that the breach took place over the course of several days between January 2nd and January 5th. After that time, the measures that were part of the IR protocol re-secured the patient data.

Unfortunately, it appeared those responsible for the unauthorized access were able to get to files containing patient information such as names, dates of birth, Social Security numbers, health insurance particulars, and even the names of some of the patients’ doctors and treatments/prescriptions.

SDCA is offering credit monitoring and identity protection services to all of its nearly 290,000 patients potentially affected by the breach.

One of the security experts consulted for the post, James McQuiggan, stressed the importance of security training for employees to help avoid incidents like the SDCA breach. In comparison to the costs associated with a data breach, McQuiggan noted “the costs to implement a security awareness training program for their employees are lower.” This is not only often true but likely a massive understatement for SDCA in this case.

Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics