Data Security Incident Southeastern Minnesota Oral & Maxillofacial Surgery

This is one of the largest dental data breaches I am aware of. Most are just a few thousand, this is reported to be 80,000 individuals.

Southeastern Minnesota Oral & Maxillofacial Surgery (“SEMOMS”) has become aware of a data security incident that may have resulted in the inadvertent exposure of patients’ health information.  Although at this time there is no evidence that patient information was actually accessed or viewed, or any indication of anyone’s information being misused, the practice has taken steps to notify anyone who may have been affected by this incident,

Source: Data Security Incident Austin MN, Southeastern Minnesota Oral & Maxillofacial Surgery

This reportedly a ransomware attack. These do not usually involve data exposure but it is possible and as such the rules require the practice notify the patients.

However this office may be at risk for a much bigger disaster. If they are investigated by the HIPAA police and the investigators decide the office’s HIPAA protocols were inadequate the office may be fined. Typical fines range from $100 to $200 per record. That could mean a fine of around twelve million dollars! (80,000 x 150). A fine is not covered by insurance.  There is no appeal to the courts as these cases are decided by administrative panels.