At this point, most of us have received at least one letter in the mail informing us that a data breach may have compromised our personal information—and it’s been just as likely to come from your doctors’ office as your bank or credit card company. The data breaches experienced by Change Healthcare, Ascension Healthcare, and Cencora in 2024 put health care cyber security front and center.1-3 But these large companies aren’t the only ones being targeted. We all are.
If you really want to doom scroll on this topic, you can check out the Breach Portal (ocrportal.hhs.gov/ocr/breach/breach_report.jsf) maintained by the US Department of Health and Human Services Office for Civil Rights. The portal provides notice of breaches of unsecured protected health information when it affects 500 or more individuals. In January alone, nearly 70 breaches were reported, affecting thousands of patients. The events range from stolen laptops to full-blown hacking/IT incidents.
So, it’s more a matter of when, not if, your practice will become the target of a cyberattack. In this issue, Bill James, MHA, COE, chief financial officer of an eight-doctor comprehensive ophthalmology practice in Indiana, answers the question no one wants to have first-hand knowledge of: What actually happens after a cyberattack? Read through his personal account and you will glean some very important pearls to help you manage if you find yourself in a similar situation. He shares the initial steps of discovery, the disclosure reporting process, the cost, and the long-term ramifications. Most importantly, he also provides actionable steps you can take to avoid falling prey to hackers—and it’s much more involved than changing your password on a regular basis.
If your office is already a digital fortress, other articles in this issue can help you manage your injectable inventory and protect your financial health. Head over to the main issue of Retina Today to check out Coding Advisor, which covers OCT coding considerations in 2025.
In medical school, residency, and fellowship, all you needed to think about was being the best doctor possible for your patients. But once in practice, you soon realized the additional importance of protecting your network, electronic health record, and hardware. If you take the right steps to protect yourself and stay diligent, cyberattacks shouldn’t affect your practice—leaving you free to focus on your patients.
1. Bose D. A large US health care tech company was hacked. It’s leading to billing delays and security concerns. APNews. February 29, 2024. Accessed September 4, 2024. apnews.com/article/change-cyberattack-hospitals-pharmacy-alphvunitedhealthcare-521347eb9e8490dad695a7824ed11c41
2. Harris D. Ascension data breach: health system says clinical operations disrupted. CRN News. May 8, 2024. Accessed September 4, 2024. www.crn.com/news/security/2024/ascension-data-breach
3. Becker Z. Data breach at pharma partner Cencora puts sensitive patient information at risk. Fierce Pharma. May 28, 2024. Accessed September 4, 2024. www.fiercepharma.com/pharma/data-breach-pharma-partner-cencora-leaves-sensitive-patient-information-more-dozen
