Mega Disasters – Havoc Wreaked by Equifax

Hurricanes vs. Equifax – Compare and Contrast

Did we really need one more piece of bad news as summer wound down? The devastation and losses across Texas, Louisiana, Florida and the Caribbean had many of us on the edge of our seats from August 25 through last weekend. From the safety of high ground in the Midwest we were not directly affected by Harvey or Irma other than a temporary surge in gas prices. But friends, relatives and customers have suffered terribly. Homes were destroyed and lives were lost. We donated money, we filled boxes with cleaning supplies and diapers to ship south, we checked in with friends. We breathed some relief – it could have been worse.

Then in marched Equifax. Not as visual a disaster, perhaps not as obviously heartrending but yes, it is a disaster of unprecedented proportion, affecting 143 million people directly – over half of American adults. It is insidious precisely because the damage is not visual and not at all obvious. The potential economic damage to millions of people is underground, perhaps not immediate, but waiting to emerge as cyberthieves find ways to use your data to enrich themselves.

How Did It Happen?

Negligence. It now appears that the vulnerability (the open door used by hackers) was a software application Equifax uses but had failed to “patch” although the patch had been available since March. More reporting on that here.

If You Aren’t Worried, You Aren’t Paying Attention

If your personal information was not compromised in 2015 by the Anthem or IRS data breaches, it most likely is now. The Equifax breach gathered more data than either of those, and it’s all in one place, making identity theft much easier. Sensitive information stolen includes names, birthdays, addresses, social security numbers, and driver’s license numbers. Any of your assets that you track online are potentially available to thieves and your ability to build and maintain good credit is at risk. This damage will last for decades. NOTE: Even if you did not use Equifax yourself, you could be affected, because Equifax tracks everybody with credit.


Physical damage from hurricanes and floods can eventually be repaired. The rebuilding in Florida and Texas began as soon as the storms moved on and  eventually will be completed. But building safety around personal data does not have an end date. In today’s world, the real story is that we have to change our thinking and change our habits – we all need to become schooled in how to fool cyberthieves – how to conduct our own Risk Management Plan. We can’t leave it up to the institutions we’ve trusted in the past. There is a lot of advice about what to do as a consumer. Here is guidance from the Federal Trade Commission.

What About Healthcare?

When it comes to protecting health information, Covered Entities and Business Associates both have a legal responsibility to conduct a Risk Analysis and implement a Risk Management Plan to reduce the chances of compromise. The HIPAA E-Tool® contains an easy to use Risk Analysis-Risk Management tool to enable the highest level of protection, by nudging staff to evaluate risks, and to install patches, as soon as available. It also helps inventory equipment and data, and assigns responsibility for follow through to manage risks.

“The first Risk Analysis step of The HIPAA E-Tool‘s interactive Risk Analysis-Risk Management tool calls for identification of any software that has not been updated with the latest security patch. Any unpatched software identified in Risk Analysis Step 1 is automatically entered on the first set of Risk Management Action Steps.”

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free