It has been revealed that Augusta University Medical Center (AUMC) and Augusta University fell victim to a phishing attack five months ago. The attack happened in mid-April when two employees’ email accounts were compromised.
Data said to have been compromised included patients’ names, addresses, dates of birth, Social Security numbers, financial information, medical record information, diagnoses, insurance information, and driving license numbers.
Upon discovery of the breach, the two email accounts were reportedly disabled and passwords were reset, and an investigation was launched.
The investigation concluded on July 18, 2017 that “an unauthorized third party accessed medical faculty email accounts containing patient protected health information or personal information” but “could not definitively conclude if any information was actually accessed, viewed, downloaded or otherwise acquired by the unauthorized user”.
Affected patients have been informed and advised of best practice to protect their personal information. For those whose Social Security numbers were breached, credit monitoring services and identity theft services have been provided.
A statement from AUMC and Augusta University said:
“AUMC and Augusta University are committed to maintaining the privacy of patient information and to continually evaluating and modifying practices to enhance appropriate security and privacy measures, including ongoing cybersecurity awareness of their workforce.”
This is the second time that AUMC has fallen victim to a phishing attack. The previous instance was in September 2016 when similar data was compromised. AUMC is not alone as phishing attacks are increasingly popular within the healthcare sector because of the volume of personal data that organizations hold. Phishing attacks are generally increasing in volume and sophistication, so it is essential to provide employees with sufficient training.
How to protect your organization from phishing attacks
No matter how effective your spam filter is, a spoof email could bypass it, making your organization’s staff the last line of defense against fraud. It is therefore vital that your staff are aware of the risks of phishing emails. E-learning courses are an efficient, cost-effective method of training all your staff with minimal disruption.
Our Phishing Staff Awareness Course gives your staff an introduction to understanding and spotting phishing scams, and helps reduce the chance that an employee will hand over confidential information or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.