Email Account Breach at EyeSouth Partners Potentially Exposed the PHI of 24,000 Georgia Eye Associates Patients


An attacker gained access to an EyeSouth Partners employee's email account, resulting in the potential viewing or theft of the electronic protected health information (ePHI) of about 24,000 patients. EyeSouth Partners, a business associate of Cobb Eye Center, Georgia Ophthalmology Associates, South Georgia Eye Partners and Georgia Eye Associates, learned of the data breach on October 25, 2018.

EyeSouth Partners immediately took action to secure the compromised email account and analyzed its network security. To avert email account breaches in the future, the business associate improved its security procedures.

According to the breach investigation results, the hacker accessed the email account from September 11, 2018 to October 25. Third-party computer forensics experts assisted with the investigation to determine the names of patients whose ePHI was compromised. On December 19, 2018, the investigators told EyeSouth Partners that the hacker may have accessed email messages containing the ePHI of Georgia Eye Associates patients.

The patient information potentially exposed varied from one person to another. The email messages and attachments may have contained the following information: patients' names, email addresses, addresses, phone numbers, internal patient ID numbers, insurance company names, type of insurance carrier, payment account histories, summaries of bills, account balances, and summaries of services and procedures. A few patients may have had their Social Security numbers exposed as well.

EyeSouth Partners sent notifications by mail to all the patients impacted by the breach and offered them credit monitoring services at no cost.