Ransomware Attack on GA Health System Impacts Staff, Patients’ PHI

August 11, 2021 - A ransomware attack on one of southeast Georgia’s largest healthcare systems exposed both staff and patients’ protected health information (PHI.) 

St. Joseph’s/Candler (SJ/C) announced on August 10 that it experienced “a data security incident that may have resulted in unauthorized access to patient and employee information,” according to a press release.  

The Georgia-based healthcare system, which has 116 service locations across the state, identified suspicious activity in its network on June 17, 2021, according to the press release.  

“SJ/C immediately took steps to isolate and secure its systems, notified federal law enforcement, and launched an investigation with the assistance of cybersecurity firms,” it states. “Through the investigation, SJ/C determined that the incident resulted in an unauthorized party gaining access to its IT network between the dates of December 18, 2020 and June 17, 2021. While in SJ/C's IT network, the unauthorized party launched a ransomware attack that made files on SJ/C's IT systems inaccessible.” 

Hackers may have been able to access files that contained both patients’ and staff members’ information, including protected health information (PHI) during the cyberattack, according to the release. 

"“J/C cannot rule out the possibility that, as a result of this incident, files containing patient and co-worker information may have been subject to unauthorized access,” it states. “This information may have included individuals' names in combination with their addresses, dates of birth, Social Security numbers, driver's license numbers, patient account numbers, billing account numbers, financial information, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, and medical and clinical treatment information regarding care received from SJ/C.” 

The healthcare system started mailing out letters to the staff and patients impacted by this data breach.  

SJ/C is offering those individuals impacted by the breach free credit monitoring and identity protection services. 

The health provider also set up a dedicated incident response line for those in need of more information about the incident. The response line is open from 8am to 5:30pm, EST, Monday through Friday.  

“SJ/C recommends that patients whose information may have been involved in this incident review the statements they receive from their health care providers,” the press release states. “If they see services they did not receive, patients should contact the provider immediately.” 

SJ/C said it is implementing enhanced security as a response to the ransomware attack and “will continue to adopt, additional safeguards and technical security measures to further protect and monitor its systems.”