Athens Orthopedic Clinic in Georgia, which in June was hit with a cyberattack that impacted roughly 200,000 patients, is not able to pay for extended credit monitoring for its victims, the Athens Banner-Herald reports.
The clinic learned about the breach, which it dubbed “an external cyberattack on [its] electronic medical records,” on June 27; the hack took place on June 14, when log-in credentials of an outside vendor were used to access the record system. Information at risk includes names, addresses, Social Security numbers, birth dates, telephone numbers and account numbers, as well as some diagnoses and medical histories.
Clinic CEO Kayo Elliott, in a statement, said Athens Orthopedic could not remain a “viable business” while also paying “millions of dollars” for extended credit monitoring, according to the Banner-Herald.
“Many patients are upset and frustrated with the situation. And of course, they wish we could pay for the extended credit monitoring,” he said. “So do we. ... I recognize and am truly sorry for the position this puts our patients in.”
In a letter to patients, Athens Orthopedic advises those affected to place a fraud alert on their credit reports via one of the three major credit bureaus, for which it supplies contact information. The clinic also notes that it has hired cybersecurity experts to investigate the breach.
In a letter published in the Banner-Herald Aug. 6, Athens Orthopedic surgeon Chip Ogburn defended the clinic, calling executive staff “tireless in their oversight of this complex issue and in cooperation with all the investigating bodies.” He added that physicians at the clinic are “distraught” due, in part, to the impact of the breach on Athens Orthopedic’s reputation.
“Many of the social media comments I read indicated that AOC is, at a minimum, negligent or, at worst, complicit with the felony that occurred,” Ogburn wrote. “This could not be further from the truth.”