EyeSouth Partners has revealed that a cyber criminal has obtained access to a staff member’s email account and may have viewed/obtained the electronic protected health information (ePHI) of up to 24,000 clients.
EyeSouth Partners is a registered business associate of Georgia Eye Associates, South Georgia Eye Partners, Cobb Eye Center, and Georgia Ophthalmology Associates. EyeSouth Partners became aware, on October 25 last year, that an unauthorized person had obtained access to the email account of one of its staff members.
Swift action was taken to safeguard the email account and assess the security of its databases. Measures were also implemented to strengthen information security procedures to stop any further email account breaches.
The breach investigation showed that the cyber criminal first obtained access to the email account on September 11, 2018. Access was open up until October 25.
An external computer forensics company was contracted to help with the investigation and discover which patients had had their ePHI possibly accessed. On December 19, 2018, EyeSouth Partners was told that that the hacker had potentially accessed emails that included the ePHI of patients of Georgia Eye Associates.
The information included in emails and email attachments differed from patient to patient but may have incorporated names, addresses, contact telephone numbers, email addresses, insurance provider, sort of insurance carrier, payment histories, account balances, summaries of charges, summaries of services and procedures, and internal patient Identification numbers. A restricted number of patients also had their Social Security number available to access.
All patients impacted by the breach have now been alerted by mail and offered free credit monitoring services.