Ransomware attack on Georgia health system endangers info of 1.4M patients

In another incident, a former employee in New York is accused of electronic health record snooping – potentially affecting more than 10,000 patients.
By Kat Jercich
11:34 AM

A ransomware attack discovered by St. Joseph's/Candler earlier this summer has compromised the records of 1.4 million patients.  

The Savannah, Georgia-based health system published a notice this month about the incident, which took its network offline for multiple days.  

"Through SJ/C’s investigation it was determined that the incident resulted in an unauthorized party gaining access to SJ/C’s IT network between the dates of December 18, 2020 and June 17, 2021," said the organization on its website.

"While in our IT network, the unauthorized party launched a ransomware attack that made files on our systems inaccessible," the notice continued.  

According to a breach report made to the U.S. Department of Health and Human Services' Office of Civil Rights, 1.4 million individuals' records were affected by the hack.  

This information may have included patient names in combination with:  

  • Address
  • Date of birth
  • Social Security Number
  • Driver’s license number
  • Patient account number
  • Billing account number
  • Financial information
  • Health insurance plan member ID
  • Medical record number
  • Dates of service
  • Provider names
  • Medical and clinical treatment information regarding care received from SJ/C  

"To help prevent something like this from happening again, we have implemented, and will continue to adopt, additional safeguards and technical security measures to further protect and monitor our systems," said the statement.  

EHR snooping affects 10K patients

Meanwhile, in Queens, New York, Long Island Jewish Forest Hills Hospital has notified patients who were potentially affected by a former employee’s unauthorized EHR access.  

A breach report filed with OCR says the incident affected 10,333 patients.  

In January 2020, the hospital explained, a subpoena was issued seeking documents in connection with an investigation into a “no fault” motor vehicle accident insurance scheme.   

After receiving it, LIJFH realized that a former employee referenced in the subpoena had improperly accessed EHRs.

"To date, LIJFH has no evidence that the information accessed by the former employee was used improperly or had anything to do with the insurance scheme that was being investigated," said the hospital. 

Still, the organization is notifying every patient whose medical records were accessed by the former employee between August 23, 2016 and October 31, 2017.   

"In addition to confirming that the employee was no longer employed by LIJFH, steps have been taken to try to prevent this type of incident from occurring in the future," officials said, including employee training and the implementation of additional security tools.   

"Finally, the Compliance Department conducts audits of medical record access to minimize the risk of such incidents occurring in the future," according to LIJFH.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
