Augusta University Health leaks 417,000 records due to phishing attacks

Once again, another medical data breach revealed the privacy of thousands of patients. This time, the victims were mainly citizens living in Georgia, USA. According to reports, Augusta University Health suffered a phishing attack last year. Regrettably, the latest survey showed that the attack caused about 417,000 records to be leaked.

According to reports, the Augusta University Health suffered a large-scale data breach after experiencing a phishing attack. According to the latest security notice posted on the school’s website, the attack took place from September 10 to 11, 2017. Initially, the school believed that the attack only exposed a small number of internal email accounts. However, this year, they realized that about 417,000 records were leaked.

As their notice describes, “On July 31, 2018, investigators determined that email accounts accessed earlier by an unauthorized user may have given them access to the personal and protected health information of approximately 417,000 individuals.”

However, a wave of unrest has started again. On the 11th of last month, Augusta University once again suffered a phishing attack. However, the scope of the victims is significantly smaller.

Regarding the specific scope of the victim, the notice stated that “some of the following categories may be affected: “students, employees and our patients, and that includes our obligation to safeguard their personal and health information.”

According to reports, the leaked data contains the patient’s clear personal information, as well as their medical and health records. For some of these victims, the leaked data may also contain their financial records and social security numbers.

After noticing this situation, the school immediately banned the compromised email account and took other steps to fix the security breach. Subsequently, they hired a third-party cybersecurity expert to assist in investigating the matter.

Brooks A. Keel, president of Augusta University and chief executive of Augusta University Health, said in a statement, “When our IT Security team became aware of the September attack, they acted immediately: disabling the impacted email accounts, requiring password changes and monitoring our systems for additional suspicious activity. Shortly thereafter we engaged external cybersecurity experts to determine the extent of the attack.”

The University of Augusta is ready to send a personal email to each victim to inform them about the incident and provide a one-year free credit monitoring service for those whose social security numbers have been compromised.