Mattax Neu Prater Eye Center, a healthcare clinic based in Missouri, US, has suffered a cyber attack. The center announced the breach at the end of June, although the attack took place in December 2021. The center has informed US regulators of the data breach, in which more than 92,000 individuals have been affected.
“This incident has affected eye care practices across the country, and is not specific to Mattax Neu Prater. This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Mattax Neu Prater,” the center added.
Mattax Neu Prater Eye Center is a premier provider of advanced laser vision correction, such as LASIK, as well as cataract correction and advanced technology replacement lenses in Springfield, Missouri, US. It provides surgical and non-surgical care and has reported that the “third-party data security incident” may have compromised the sensitive data of patients.
“However, a lack of available forensic evidence prevented Eye Care Leaders from ruling out the possibility that some protected health information and personally identifiable information may have been exposed to the bad actor,” the clinic added.
Mattax Neu Prater further said that at present it does not hold any evidence of identity theft as a result of the incident. Following the attack, the clinic has notified patients who might be impacted by postal mail.
Cybersecurity experts suggest that all healthcare organizations should adopt a zero-trust approach to digital facilities. This approach treats every connected device as a potential intruder until it is verified. According to the experts, old-school approaches like using firewalls and antivirus software have become less effective.
Cybersecurity researchers also believe that the best way to protect the system is by eliminating passwords altogether. Some other cybersecurity tips that can help healthcare professionals are given below:
• Store patient data on systems that are not connected to the internet.
• Train staff on phishing attacks and how they work.
• Use two-factor or multi-factor authentication (biometrics) for logins instead of passwords.
• Never click links or download attachments in email.
• Encrypt all data so that, if it is accessed or compromised, it will not be exposed.