Data Breach at Georgia Health System

Written by

A health system in Georgia has begun notifying patients of a six-month-long data breach that culminated in a ransomware attack.  

St. Joseph’s/Candler (SJ/C), one of the largest hospital systems in Savannah, became aware of suspicious network activity on the morning of June 17, 2021. A ransomware attack was confirmed, and steps were taken to limit its impact. 

With its computers out of action, the health system used social media to spread word of the security incident, posting: “On the morning of June 17, St. Joseph’s/Candler became aware of suspicious network activity. As a security measure, SJ/C took immediate steps to isolate systems and to limit the potential impact.

“We also promptly initiated an investigation into the scope of the incident, which is ongoing and in its early stages, although SJ/C has confirmed that the incident involved ransomware."

SJ/C employees had to revert to downtimes procedures such as using pens and paper to complete documentation. While the incident led to EHR downtime, imaging, primary care, surgery, and special physician appointments were unaffected.

The health system said at the time of the attack that it would notify anyone whose personal data had been compromised. That notification process began on August 10 after an investigation revealed that sensitive information belonging to both SJ/C patients and employees had been accessed by an unauthorized third party. 

In a statement released yesterday, the health system said: "Through SJ/C’s investigation it was determined that the incident resulted in an unauthorized party gaining access to SJ/C’s IT network between the dates of December 18, 2020, and June 17, 2021. 

"While in our IT network, the unauthorized party launched a ransomware attack that made files on our systems inaccessible."

Data that may have viewed by the malicious hacker(s) included patient names in combination with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, financial information, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information regarding care received from the health system.

SJ/C is offering impacted individuals complimentary credit monitoring and identity protection services.

What’s hot on Infosecurity Magazine?