Less than 1 percent of patients impacted by phishing attack of faculty email accounts

AU Medical Center, Inc. (AUMC) and Augusta University have notified a limited number of patients about a recently discovered security incident involving faculty email accounts. Letters have been mailed to individuals who may have been affected to notify them of the incident.

AUMC and Augusta University learned that a small number of medical faculty at Augusta University were victims of a phishing attack to their email system. Upon learning of the issue, Augusta University promptly disabled the impacted email accounts, required password changes for the compromised accounts, maintained heightened monitoring of the accounts and commenced an investigation.

On July 18, 2017, the investigation concluded that an unauthorized third party accessed medical faculty email accounts containing patient protected health information or personal information. The investigation further determined that the compromise of the email accounts occurred between April 20-21, 2017, but the forensic firm could not definitively conclude if any information was actually accessed, viewed, downloaded or otherwise acquired by the unauthorized user.

The compromised email accounts at issue contained patient full name and either one or more of the following: home address, date of birth, Social Security number, financial account information, driver’s license number, medical record number, insurance information, prescription information, diagnosis/condition, and/or treatment information.

To date, AUMC and Augusta University are not aware of improper use of the information, but provided notice out of an abundance of caution. Patients have been provided with best practices to protect their information. It also is recommended that affected patients review the statements that they receive from their health insurance providers and follow up on any items not recognized. Credit monitoring and identity theft restoration services are provided to those individuals whose Social Security number was compromised.

AUMC and Augusta University are committed to maintaining the privacy of patient information and to continually evaluating and modifying practices to enhance appropriate security and privacy measures, including ongoing cybersecurity awareness of their workforce.

For further questions or additional information regarding this incident or to determine if you are impacted, patients may call a dedicated toll-free response line that has been set up at 888-735-5670, Monday through Friday, 9 a.m. to 9 p.m. Eastern Time.