Augusta University Medical Center reports breach 5 months after phishing attack

Augusta (Ga.) University Medical Center disclosed a potential breach of patient information five months after the associated phishing attack, The Augusta Chronicle reports.

The hospital announced Sept. 15 a phishing attack hit two faculty email accounts April 20 and April 21, according to The Augusta Chronicle. Hospital officials said the two email accounts were immediately frozen. The attacks allegedly allowed an unauthorized third-party to gain access to the email accounts and potentially view the information inside, an investigation concluded July 18.

The investigation also determined fewer than 1 percent of Augusta University Medical Center patients were impacted by the breach, according to a Sept. 15 notice delivered to employees and obtained by Becker's Hospital Review.

There is no evidence patient information was accessed or misused, Jim Rush, the hospital's chief integrity officer, told The Augusta Chronicle. However, the two faculty email accounts comprised some names, addresses, dates of birth, Social Security numbers, financial account information and diagnosis information, among other data, for a few thousand patients.

To avoid future security incidents, Mr. Rush said the hospital would provide staff training on how to identify suspicious emails. The hospital also established a toll-free line to answer questions from affected patients.

Editor's note: Becker's Hospital Review reached out to Augusta University Medical Center for comment and will update as more information becomes available.

More articles on cybersecurity:
Equifax CIO and chief security officer to resign, CEO to remain: 5 things to know
North York General Hospital taps Thales, Identos for encryption services
Children's Hospital Colorado alerts 3.4k patients of email breach

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months