New Year’s Resolutions

So, you lost the 10 pounds, paid down some debt, went to the gym three times a week, flossed daily, spent more time with your kids, read two biographies, adopted a stray cat, called your mom more frequently, watched less TV, and tried a new vegetable.

Since you have already checked all those off your list, how are you doing with that goal about improving your data security? What?

Remember, back in January, I wrote about the rise in ransomware attacks and you promised yourself that you’d get right on that.  OK, OK, you got distracted.  Happens to all of us.  Sometimes we just need a little nudge to get us back on track.  Here’s your nudge.

Here are two stories from the same source, one about a Texas urology group and another about a Kentucky chiropractor, both hit by hackers in January of this year.  Urology Austin confirmed it did not pay any ransom, while it is unknown whether the chiropractor did.

Let me frame this for you before we go on:  the website for Urology Austin says the practice has 18 physicians.  The site for Estill County Chiropractic has a button that says, ‘Meet the Doctor.’  Yes, singular.  These were not attacks on some big health plan.  These practices look a lot like yours.

Now for your nudge.

Let’s set aside, for a moment, a whole bunch of the costs that come with this type of attack – lost business revenue, paying the consultants to investigate and the lawyers to advise.  Let’s just look at one single cost item.

Because they could not confirm that no data had been extracted from their system by the bad guys, both practices agreed, as they should, to pay for one year of credit monitoring and identity protection services for their patients.  One of the stories mentioned that the service was being provided by Equifax, so your dutiful reporter hopped over to their site to get some pricing.

The basic service cost about $225 per person for a year.  But let’s assume that since our friends are, unfortunately, buying in bulk they were able to negotiate a volume discount.  Let’s assume they get the price down to $100 per person, not because I think urologists are particularly good negotiators, but because it makes the math easy.

Urology Austin had 279,663 patient records compromised; Estill County Chiropractic had 5,335.

That comes to $27,966,300 and $533,500 respectively.

$27 million?  No way.

OK, let’s assume they are really, really good negotiators and get it down to $10 per person (all about simple math here today).  That is still $2.8 million, or over $150,000 per physician for the urologists and over $50,000 for our Bluegrass alignment guy.

Hopefully, there was insurance to help, but still.

And this is only one of the cost items.

So, let’s revisit that promise you made to yourself.

And call your mother right after you floss.




Tim Coan, ALN’s CEO, writes an insightful and witty blog three times a week about a variety of topics relevant to independent physician practices.
