How secure is your medical information?

Sometimes we take for granted that our personal medical information is safe, but is it? I have recently been reminded how vulnerable our personal and financial information is to cyberattacks. Below is a press release from Murfreesboro Medical Clinic, the clinic where my endocrinologist and ophthalmologist practice. This clinic was forced to cancel all appointments and close all offices for the past three days. They are still working to restore their computer systems from back-up data storage.

Important Update

May 2nd, 2023


Murfreesboro Medical Clinic & SurgiCenter Faces Critical Infrastructure Attack

MURFREESBORO, TENN. (MAY 2, 2023) – On April 22, 2023, Murfreesboro Medical Clinic & SurgiCenter (“MMC”) was the victim of a sophisticated criminal cyberattack. In response, we rapidly initiated an emergency shut down of our network to limit the spread of the attack within our systems and those of our technology partners. Since that time, we have been working with law enforcement agencies and third-party experts to identify the source and scope of the attack in order to restore normal clinic operations. Our first priority was to contain the incident and protect our patients and employees.

In conjunction with law enforcement, we continue to investigate the incident while also taking action on our infrastructure to, hopefully, prevent any further attacks. With the quick detection by our technology experts, we believe we have been able to limit the impact of this criminal attack. We are currently in the process of restoring our systems safely with enhanced security features and controls. While that process is being undertaken, MMC has closed all operations and hopes to open on a limited basis on Wednesday, May 3rd, with the rest of our operations coming online shortly thereafter.*

Joey Peay, CEO of MMC, states: “Preserving sensitive patient and employee information is of the utmost importance to MMC, but like so many other organizations around the country and despite its best efforts, MMC has found itself as the target of criminals attempting to steal personal or company data. I want to thank our patients and employees for their understanding and patience while we work to make sure our computer infrastructure is secure and free of any harmful software.”

We have worked diligently to communicate closures with all patients in a timely manner using all methods of communication at our disposal. Future updates regarding clinic operations will be posted to our website, social media platforms, and through emails and phone calls directly to patients. We apologize for the vagueness of our recent communications, but we did not want to do anything that would impede law enforcement’s investigative efforts.

While we have not confirmed that any specific patient, employee, or corporate data was accessed or removed from our network, patients and employees of MMC are encouraged to monitor their personal data for any misuse. Personal data could include names, enrollment information such as group name, identification number, claims or treatment information such as claim numbers, dates of service, procedures, prescription information, dates of birth, email addresses, phone numbers, driver’s license numbers, and, in some cases, social security numbers. Please note that MMC does not store credit card or bank account information within its network.

For over 70 years, MMC has been dedicated to caring for our community. We have faced countless challenges over the years including natural disasters, a world-wide pandemic, and now, a highly sophisticated cyberattack. With your continued support, we will overcome this criminal attack on MMC as we continue our commitment to the health of our community!

*Please check our website and social media pages for updates regarding hours of operation for Wednesday, May 3rd.

(post deleted by author)

2 Likes

Anyone ever interested in reading my medical history has way too much time on their hands, however, they are welcome to it and I look forward to hearing any tips they have to improve my health.

4 Likes

When they first came out with the HIPPA laws and we suddenly had to sign a form stating that we had read the HIPPA statement, I sat down and read the entire thing before signing it. I said to the nurses at the time that, according to what was said in the statement, apparently nearly everyone could get access to medical records except for the patients!

Meanwhile, I agree that if anyone wants to wade through the 5 thick folders of my medical records, more power to them. As long as my SS# is blocked off, I don’t care.

3 Likes

I stopped giving my SSN a few years back but I suspect that it is still in their system, computers never forget. My phone and Medicare are in their system as is my schedule.

They have not yet determined what information was exposed, if any. Identity theft is my main concern.

All of their offices are still closed with the exception of a walkin clinic for children and adults that are sick requiring immediate care. This is a large medical facility with over 90 physicians and over 900 other staff members.

As someone who is a bit of a computer nerd and did some IT for some SMBs, all data that is put on a computer and businesses computer is only as good as their security. Does the business use good password management for their employees, do they have good gear that the logs are being looked at by people that know what they are doing, and thoughts like that are what I think about.

These are some of the thoughts I have when I select a provider. It is usually easier to tell what security protocols they have by having a first-in-the-morning or just-after-lunch appointment.

  • These breaches happen as you are only as secure as your weakest password. I happen to use a password manager and have randomized 20+ character passwords to all of my logins as I have been this way for 10+ years.
  • Does the computer system use two-factor authentication, and is it token or app-based and NOT cellphone-based?