The Dermatology Associates of Atlanta Attack Is An Example of How Damaging This Can Be

There is a tendency in Healthcare to think that hackers are only going after the big fish. But the data shows a different picture. Cyberattacks on small practice medical providers have been on the rise, with hackers increasingly targeting these entities due to their weaker cyber defenses compared to larger organizations. According to a report from cybersecurity firm Critical Insight,

• the number of attacks on physician groups and smaller hospital systems rose from 2% in the first half of 2021 to 12% in the same period of 2022; while
• breaches associated with specialty clinics rose from 23% in 2021 to 31% in the first half of 2022, while attacks against physician groups.

These smaller providers are particularly vulnerable as they often lack the same level of security preparedness, staff size, or budget as larger organizations.

One example of this is the Dermatology Associates of Atlanta, Georgia, who were affected by a malware attack that compromised patient data. The attack was a ransomware incident that targeted Virtual Private Network Solutions, LLC, a vendor providing electronic health record management software to the dermatology group. The breach was discovered on October 31, 2021, but it took until January 17, 2023, for VPN Solutions to confirm that patient data had been exposed. The breach affected over 8,500 individuals, and compromised files contained various types of information including names, addresses, Social Security numbers, dates of birth, medical conditions/diagnoses, treatment information, test results, health insurance policy numbers, and more.

Read More:

• The HIPAA Journal: Associates in Dermatology Patients Affected by Business Associate Ransomware Attack
• Fierce Healthcare: Hackers shifting focus to small hospitals, clinics and tech companies