Extormity 'breach' highlights fine line between fiction, reality


Extormity struck again this week. The fictional, satirical EMR vendor emailed a "press release" with the headline, "Extormity Proudly Announces Breach." (If the people behind Extormity were as diligent with updating their website as they are with needling the major EMR vendors, I'd have a link for you, but I guess they'd charge me a consulting fee for that.)

According to the phony announcement: Electronic health record vendor Extormity today announced a data breach that compromised the demographic and health information of more than 80,000 patients.

"In the past, we would have covered up these kinds of mistakes," explained Extormity CEO Brantley Whittington. "However, these breaches are getting widespread media coverage. As they say, there is no such thing as bad PR, so we are making breach notification a cornerstone of our marketing strategy.

"While we used to make a half-hearted attempt at security and privacy protection, we are now encouraging our employees to make unencrypted copies of the protected health information we have on our servers and place the data in a public place like a train or a coffee shop or a tea party rally," explained Whittington. "When an employee is due for a new laptop, we load up their old computer with sensitive patient data including the health records of former child actors and washed-up reality TV stars and leave it in the lobby of a tabloid newspaper or celebrity gossip magazine--significantly increasing the odds of securing editorial attention."

This "news" would be a lot funnier if it weren't so grounded in reality.

Consider the following headlines from various Fierce publications: "Confidentiality breach: Hospital sent patient records to auto shop"; "Report: Medical data theft growing as more adopt EMRs"; and "Organized crime getting deeper into medical identity theft." A week ago in FierceEMR, this item appeared in Also Noted: "The state of California has fined Lucile Salter Packard Children's Hospital at Stanford University $250,000 for taking too long to report a breach of more than 500 patient records after an employee apparently stole a hospital computer."

Hey, at least Extormity didn't try to cover up the breach. Sometimes there's a fine line between fiction and reality. - Neil