Navicent Health, a Macon, Georgia based Medical Center has released a press statement today that a cyber attack on its email system which took place in July 2018 has compromised patient details that include names, date of births, addresses, medical information like billing and appointment and social security numbers.
According to the media update, the authorities of the second largest hospital in Georgia discovered the unauthorized data access in July 2018 and immediately launched an investigation by forensic experts.
On January 24th, 2019 the investigators determined that hackers gained access to some critical info. But are unsure on whether the info was viewed or acquired by hacker/s.
Navicent Health has announced that patients will receive a year-long free credit monitoring along with identity theft protection which the medical center will pay on behalf of those impacted.
In order to avoid such data breach embarrassments in future, Navicent Health is educating its employees, reviewing its IT infrastructure, and evaluating its security controls over email systems, so that the entire framework remains isolated from cyber incidents.
Note 1- As per the prevailing HIPAA law, all private and public entities need to report the breach within 60 days of first discovering the incident. And a failure in doing so can attract stringent action against healthcare from the department of health and human services.
Note 2- Navicent Health is also known as the Medical Center of Central Georgia and is a 637-bed hospital located in Macon, Georgia. It has over 4,500 employees and a medical staff comprised of over 700 physicians.