In recent data breach news, the Vice Society, a hacker organization, took credit for the recent data breach at Atlanta Perinatal Associates (“APA”). While Atlanta Perinatal Associates has yet to confirm that it was victimized in the recent attack, the hackers uploaded a copy of all the data they obtained. Based on the hackers’ claims, the compromised information includes patients’ names, dates of birth, ID numbers, expected due dates of delivery, referring physician names, sonographer names, and the ultrasound results. The breach apparently also includes additional information, such as patients’ history of drug or alcohol use, family and social factors, and other health-related issues.

If you receive a data breach notification from APA in the coming weeks, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Atlanta Perinatal Associates data breach, please see our recent piece on the topic here.

What We Know About the Atlanta Perinatal Associates Data Breach

According to a recent report detailing the hacker’s claims, the group uploaded a large amount of data allegedly obtained from Atlanta Perinatal Associates onto its “leak site.” Hackers and other criminal organizations often maintain these leak sites to “brag” about their accomplishments. To ensure they get credit for their criminal acts, groups will often upload either images of the data they obtained or, as was the case in the Atlanta Perinatal Associates breach, copies of the data itself.

The Atlanta Perinatal Associates data breach involves leaked six-page documents outlining ultrasound procedures. Thus, the leaked data includes all that one may expect to find in an ultrasound report, including patients’ names, dates of birth, ID numbers, expected due dates of delivery, as well as referring physician names, sonographer names, and the ultrasound results. In addition, these documents contain other information about patients, such as their historical use of drugs and alcohol, social and family factors that may affect pregnancy, and other health-related matters. So far, there are no reports that the leaked data contained any of the patients’ insurance information or Social Security numbers. The leaked data contained some records containing credit card information.

Atlanta Perinatal Associates has not yet confirmed the breach or notified any of the affected parties that their information was compromised. However, it is safe to assume that APA knows of the cyberattack and is likely in the process of conducting its own investigation into what happened. If the company confirms a breach of patient data, it will be required to notify all affected parties by sending them data breach notifications.

Additional Details About Atlanta Perinatal Associates

Atlanta Perinatal Associates is an Atlanta, Georgia-based healthcare provider focusing on maternal-fetal medicine. The practice specializes in treating mothers who are experiencing a high-risk pregnancy and coordinates all aspects of a patient's care with other medical providers. APA has eight locations throughout Georgia, including in Atlanta, Conyers, Decatur, East Point, Riverdale, Newnan, and Stockbridge. Atlanta Perinatal Associates has approximately 46 employees and brings in more than $8 million in annual revenue.

Concerns Surrounding Healthcare Data Breaches

Most people are familiar with the risks of data breaches that result in their financial information being leaked. When your financial information is placed in the hands of a hacker, cybercriminal or another bad actor, they will often use it to conduct unauthorized transactions and maybe even steal your identity.

However, fewer people are aware of the risks raised by data breaches targeting healthcare information. At first glance, the concern would seem to be that this information is very private, and the thought of it being made public makes patients uncomfortable—to put it mildly. Certainly, this is a very valid concern. And hackers have been known to exploit patients by threatening to make their information public.

However, the more common harm that comes from healthcare data breaches is that the hacker uses a patient’s information to obtain medical treatment in the patient’s name. Alternatively, a hacker may sell the patient’s information to another person, who then seeks treatment in the patient’s name. In either case, this can result in both financial and physical risks for the patient. For example, if someone obtains unauthorized medical care in your name, you will receive the bill for services you never received.

More concerning, however, is the fact that any information provided by the unauthorized party to the healthcare provider can find its way into your medical records. This means that the next time you go to the doctor’s office or hospital, it’s possible that the provider has inaccurate information related to your medical history, allergies, or current list of prescription drugs.

The threat of a healthcare data breach is very real. And anyone who learns that their medical information was compromised should take all necessary steps to secure the safety and accuracy of their medical records.