Augusta (Ga.) University Medical Center disclosed a potential breach of patient information five months after the associated phishing attack, The Augusta Chronicle reports.
The hospital announced Sept. 15 a phishing attack hit two faculty email accounts April 20 and April 21, according to The Augusta Chronicle. Hospital officials said the two email accounts were immediately frozen. The attacks allegedly allowed an unauthorized third-party to gain access to the email accounts and potentially view the information inside, an investigation concluded July 18.
The investigation also determined fewer than 1 percent of Augusta University Medical Center patients were impacted by the breach, according to a Sept. 15 notice delivered to employees and obtained by Becker's Hospital Review.
There is no evidence patient information was accessed or misused, Jim Rush, the hospital's chief integrity officer, told The Augusta Chronicle. However, the two faculty email accounts comprised some names, addresses, dates of birth, Social Security numbers, financial account information and diagnosis information, among other data, for a few thousand patients.
To avoid future security incidents, Mr. Rush said the hospital would provide staff training on how to identify suspicious emails. The hospital also established a toll-free line to answer questions from affected patients.
Editor's note: Becker's Hospital Review reached out to Augusta University Medical Center for comment and will update as more information becomes available.