"Data Breach at Georgia Health System"
St. Joseph’s/Candler (SJ/C), one of the largest hospital systems in Savannah, became aware of suspicious network activity on the morning of June 17, 2021. A ransomware attack was confirmed, and steps were taken to limit its impact. SJ/C employees had to revert to downtimes procedures such as using pens and paper to complete documentation. While the incident led to EHR downtime, imaging, primary care, surgery, and special physician appointments were unaffected. The health system stated that it would notify anyone whose personal data had been compromised. That notification process began on August 10 after an investigation revealed that an unauthorized third party had accessed sensitive information belonging to SJ/C patients and employees. During the investigation, it was determined that the incident resulted in an unauthorized party gaining access to SJ/C’s IT network between December 18, 2020, and June 17, 2021. While in their IT network, the unauthorized party launched a ransomware attack that made files on their systems inaccessible. Data that may have been viewed by the malicious hacker(s) included patient names in combination with their address, date of birth, Social Security number, driver’s license number, patient account number, billing account number, financial information, health insurance plan member ID, medical record number, dates of service, provider names, and medical and clinical treatment information regarding care received from the health system.
Infosecurity reports: "Data Breach at Georgia Health System"