Once again, a medical data breach has exposed thousands of patients. This time, the victims primarily include citizens of the state of Georgia. Reportedly, the Augusta University Health suffered data breach due to multiple phishing attacks over the year. Regretfully, the breach has exposed around 417,000 records.
Data Breach At Augusta University Health
The Augusta University Health has reportedly suffered a massive data breach after multiple phishing attacks. According to the recent security notice on their website, sophisticated phishing attacks targeted Augusta University in two different instances. The first incident took place on September 10-11, 2017. Initially, the college suspected that the breach exposed a “small number of internal email accounts”. However, this year, they realized that those accounts allegedly exposed 417,000 records.
As stated in their notice,
“On July 31, 2018, investigators determined that email accounts accessed earlier by an unauthorized user may have given them access to the personal and protected health information of approximately 417,000 individuals.”
Whereas, the second phishing attack happened on July 11, 2018, with a much smaller scope.
Regarding the scope of affectees, the notice states,
“Some individuals within the following categories may be impacted: patients, students, employees and their dependents, some applicants to Augusta University and some who asked that their FAFSA data be sent to AU.”
Reportedly, the breach data includes explicit personal information about the patients, as well as their medical and health records. In some cases, breach of financial records and Social Security numbers is also suspected.
“No Misuse Of Data,” Says The President
After noticing the breach, officials proactively disabled the compromised email accounts and took other measures to contain the breach. Later on, they involved external cybersecurity experts to investigate the matter.
In a separate message informing about the breach, Brooks A. Keel, President Augusta University and the CEO of Augusta Health, says,
“While the investigation verified that personal information was contained in compromised email accounts, no misuse of information has been reported at this time.”
Augusta University will begin sending letters to the affected individuals notifying them of the breach. They also offer one-year free credit monitoring to those whose Social Security numbers were exposed in the breach.