AOA calls for change, federal investigation following data breach

AOA calls for change, federal investigation following data breach

In light of an ongoing data breach affecting optometry, AOA leadership issued a profession-wide call to action to curb current and future cases of identity theft, while also notifying the nation's chief law enforcement authority.

The AOA respectfully requests the Department of Justice, acting through the FBI, pursue an investigation to identify the data thieves responsible for this criminal act. 

As yet another wave of malicious credit card applications keeps the profession reeling, the AOA Board of Trustees passed a motion Oct. 8 encouraging optometric organizations to take immediate steps to meet recognized standards for data security.

The new resolution calls for a united effort by AOA, affiliates and others, asking each to petition optometric testing organizations, including the National Board of Examiners in Optometry (NBEO), and state boards of optometry to eliminate the use of SSNs as personal identifiers, in favor of unique identifier numbers, wholly unrelated to SSNs or other sensitive personal information.

Ensuring data privacy

While the source of this particular data breach is still unknown, students are preparing to take their board examinations and, to do so, they currently need to provide sensitive information, including SSNs. This requirement is not consistent across health care professions.

The Joint Commission on National Dental Examinations, for instance, requires dental students to use a unique identifier—known as a DENTPIN—to access testing resources, instead of an SSN. The American Dental Educators Association states the DENTPIN replaced "Social Security numbers, Canadian Social Insurance Numbers, or Reference Numbers to help protect sensitive, identifying information while facilitating data collection and reporting."

This AOA Board motion comes two weeks after AOA President Andrea P. Thau, O.D., called on the NBEO to issue privacy reassurances to students and recent graduates that their personal data will be protected. "In order to allay these concerns, can you provide assurances that the current NBEO registration system for new registrants—which includes the required entry of Social Security numbers—comports with best practices for testing bodies in other professions and meets all applicable industry standards for data security?" Dr. Thau questioned.

The AOA has yet to receive a formal reply, but will continue insisting on the latest, most accurate information to provide to its members. The AOA encourages all doctors of optometry—not only students and new graduates—to initiate credit monitoring, as all signs point to profession-wide involvement. Click here to learn more about protecting your identity, even if you haven't been affected by this particular breach.

AOA continues push for federal investigation

Optometry deserves to know the source of this breach and be assured that steps are being taken to eliminate the chance of this occurring again. The AOA is taking those steps, not only by calling on testing organizations and state boards, but also by reaching out to federal investigators.

Following initial reports of unsolicited, fraudulent applications for Chase Amazon.com Visa cards on and around Aug. 2, the AOA contacted the FBI and Federal Trade Commission to apprise investigators. Now, AOA's leadership has taken another step. At the direction of AOA's Board of Trustees, the AOA also drafted a letter to the U.S. Attorney General's Office that calls for further Department of Justice investigation into the identity thefts currently affecting untold numbers in optometry.

As stated in the letter (member login required), the AOA hopes that by holding those responsible accountable, and reforming state licensing and testing requirements to address privacy concerns, "the profession may begin to put this episode behind it and reduce the likelihood of any similar occurrence in the future." The letter continues: "The AOA respectfully requests the Department of Justice, acting through the FBI, pursue an investigation to identify the data thieves responsible for this criminal act."

The AOA reiterates that no breach of AOA's systems occurred, and furthermore, AOA does not gather SSNs through its membership process. The AOA continues to follow this situation closely and will provide updates when possible.

October 13, 2016

comments powered by Disqus