EyeSouth Partners notifies 24,000 patients after employee email account hacked

From the public notice issued by Georgia Eye Associates:

EyeSouth Statement Regarding Recent Security Incident

EyeSouth Partners (“EyeSouth”) recently suffered a security incident that potentially affected the protected health information (“PHI”) of Georgia Eye Associates patients. EyeSouth has provided the following information to Georgia Eye Associates out of an abundance of caution:

Between September 11, 2018 and October 25, 2018, an unknown individual had access to one EyeSouth employee email account. Upon becoming aware of the incident on October 25, 2018, EyeSouth immediately launched an investigation, confirmed the security of its system, and implemented procedures designed to enhance the effectiveness of its information security safeguards. EyeSouth also worked with a number of forensics experts to analyze the information affected by the incident. On December 19, 2018, EyeSouth determined that the incident potentially affected the name, patient ID number (that was randomly generated and specific to the practice), telephone number, email address, name of health insurance carrier (if any), and account balance information of some Georgia Eye Associates patients. For further information, individuals may call EyeSouth’s dedicated assistance line at 1-877-237-1071 (toll free), Monday-Friday, 9:00 a.m. to 7:00 p.m. EST.

And from the EyeSouth legal notice in media:

Eyesouth Partners (“Eyesouth”) Recently Suffered a Security Incident

EyeSouth Partners (“EyeSouth”) recently suffered a security incident that potentially affected the protected health information (“PHI”) of Georgia residents. EyeSouth is a business associate of Cobb Eye Center, South Georgia Eye Partners, Georgia Ophthalmology Associates and Georgia Eye Associates. EyeSouth is providing this notification out of an abundance of caution to address its obligations under HIPAA. Between September 11, 2018 and October 25, 2018, an unknown individual had access to one EyeSouth employee email account. Upon becoming aware of the incident on October 25, 2018, EyeSouth immediately launched an investigation, confirmed the security of its system, and implemented procedures designed to enhance the effectiveness of its information security safeguards. EyeSouth also worked with a number of forensics experts to analyze the information affected by the incident. On December 19, 2018, EyeSouth Partners determined that the incident potentially affected the PHI of Georgia residents. The PHI potentially affected by the incident varies by individual, and may include some of the following: the individual’s name, telephone numbers, address, email address, name and type of health insurance carrier, payment history and account balance, summary of charges and summary of service or procedure, and a randomly-generated practice-specific patient ID number. For a small subset of individuals, Social Security numbers were also potentially affected by the incident. EyeSouth is taking steps to notify individuals who may have been impacted by this incident, and is also providing free credit monitoring services for individuals whose Social Security numbers were potentially impacted. For further information, individuals may call EyeSouth’s dedicated assistance line at 1-877-237-1071 (toll free), Monday-Friday, 9:00 a.m. to 7:00 p.m. EST. 1-30/2019
January 30, 2019
February 28, 2019
February 7, 2019 11:50am

About the author: Dissent