Ransomware Attack on CT Optometry Office Raises Tax Fraud Concerns

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Read other articles by this author

Cybercriminals target businesses of all industries and sizes, however, it seems as though their sights are set more on small and medium-sized businesses than large corporations. While there are many factors that may influence the shift of attention to small businesses, one explanation stands out, and really is quite simple. Cybercriminals target small businesses, in large part, because they don’t expect to be targeted.

According to a UConn Janet & Mark L. Goldenson Center for Actuarial Research report, 85% of small businesses believe that cybercriminals are more likely to attack large corporations than small businesses.

Unfortunately, the optometry offices of Dr. Thomas DeLuca, Dr. Anthony Marciano & Associates in Prospect, Connecticut, know first hand that cybercriminals target small practices. On November 29, the optometry office fell victim to a ransomware attack.

25-unresponsive computers displayed the word “Ransom” the morning of the attack, leaving DeLuca sleepless for three nights. The hacker responsible for the attack made away with personal information obtained from the 26,000 patient files on record at the office. Potentially compromised personal information includes patients’ names, social security numbers, as well as medical information.

The Ransom & The Recovery
According to DeLuca, the hacker was seeking $4,000 in exchange for the repossession of his system and data. The offices’ IT provider instructed them not to pay the ransom, as there was a high risk that the hacker would just refreeze the computers.

Luckily, all the patient data was backed up on a separate system, which allowed the office to purge the compromised system over a three-day period. DeLuca is still unsure how the hackers carried out the attack on their system, which he felt was protected by “good security”.

Although they are unaware of any attempted or actual misuse of the compromised data, all patients potentially impacted by the attack have been notified of the incident. Thankfully, the optometry office had cybersecurity insurance in place, helping DeLuca notify patients in writing shortly following the incident’s discovery.

Potential Repercussions of Stolen Personal Information
Having your personal information compromised is dangerous in many ways. The Dark Web is a hotbed from cybercriminals; a place where they can go to buy and sell stolen information. This means that once your data has been compromised, you run the risk of having that information exposed on the Dark Web.

Once a cybercriminal has obtained your information, it can be exploited in various ways. For example, a hacker may apply for loans, file a fraudulent insurance claim, file fraudulent tax returns, create counterfeit cards, and much more. Although the value of stolen information varies on the Dark Web, healthcare information ranks among the most profitable data.

Tax Season Scams
The timing of the ransomware attack at Dr. Thomas DeLuca, Dr. Anthony Marciano & Associates caught the eye of the Internal Revenue Service. The IRS recently contacted DeLuca expressing concerns that the stolen patient data will be used to file fraudulent tax returns this year.

Since tax season is underway, it’s important to take precautions to avoid falling victim to a tax scam. Remember, the IRS will never call or email you to demand payment for an overdue tax bill. If you receive a call of this type, hang up. You should also never click on email links that claim to be your W2 or other tax documents. Finally, file your taxes early so scammers can’t beat you to it.

This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.