Navicent Health reported Data Breach due to a cyberattack

The second-largest hospital of Georgia, Navicent Health, is notifying their patients that some of their PHI (Protected Health Information) was possibly been compromised due to a cyberattack on email account system of its employee.

As per the notice, the officials first learned about an unauthorized access to their employee as well as hosted email accounts by a third-party in July 2018. So, a forensics security firm was hired to investigate this security incident and determine what type of patient information has been compromised in the cyberattack. The law enforcement has also been notified.

The Georgia-based hospital explained in one substitute breach notice on their website that it became clear only on January 24, 2019, that the email accounts having patient information got breached. However, no reason was provided to explain why the hospital required 6 months, after discovering the breach in July 2018, to determine that PHI of patients had been compromised.

The types of patient information that has been possibly accessed by attackers included names, dates of birth, addresses, and some medical data such as billing information and appointment dates. Social Security numbers of some patients' was also compromised in this cyberattack.

The officials of Navicent Health said that they were unable to confirm whether any PHI of patients was downloaded or viewed by the attackers. Further, the officials could not "isolate exactly what, if any, information may have been obtained". However, it has been confirmed that the cyberattack didn't impact Navicent's EHR system or network, and was only limited to the employee email accounts.

The breach portal of OCR indicates that 278,016 patients have been affected by this breach. All the patients who are affected by this incident have been notified now. Moreover, free identity theft protection services were offered to all the patients' whose Social Security number was possibly compromised.

The notice of Navicent Health said that "we take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause. We are committed to taking steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls". After discovering this cyberattack, Navicent Health has been working with numerous cybersecurity firms in order to improve their security and avoid further breaches.

» SPAMfighter News - 4/16/2019