Georgia Hand, Shoulder & Elbow, P.C. (GHSE), a respected orthopedic practice, has alerted a select group of current and former patients that their personal data may have fallen into the wrong hands due to a recent business email compromise. The incident has sent shockwaves through the healthcare provider as they scramble to rectify the situation.
Did You Receive A Georgia Hand, Shoulder & Elbow Suffers Data Breach Notice Letter?
The breach was initially discovered on July 5, 2023, when suspicious activity was detected in an employee’s business email account. GHSE’s IT experts moved swiftly to lock down the compromised account, disable the email tenant, and reset passwords. They also brought in external forensic specialists to probe the extent of the unauthorized access.
The forensic investigation ultimately revealed that a sophisticated phishing email scheme had compromised only one business email account. Following a thorough electronic inquiry that concluded on September 15, 2023, it was ascertained that an unauthorized third party might have accessed specific personal and health information. Remarkably, GHSE has received no reports of information misuse or identity theft since the breach was uncovered.
The potentially compromised information comprises a wide range of data, including names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record and patient ID numbers, Medicare/Medicaid numbers, health insurance details, financial account data, and even credit and debit card numbers. The extent of data exposure varies from person to person, with not all individuals having the same set of information exposed. GHSE was quick to clarify that electronic medical records and patient medical files remained untouched.
To address the breach and shore up security, GHSE, in a statement released on their website, noted they have already implemented several improvements to their systems, security measures, and practices. They have also enlisted experts to conduct a thorough review of their security protocols to ensure greater protection moving forward.
Patients who received notification letters have been provided with guidance on steps they can take to safeguard their data. GHSE also stated they will offer complimentary credit monitoring and identity theft protection services for a year to all those potentially impacted. They strongly encourage affected individuals to enroll in these services and follow the recommendations in the notification letters to minimize risks.
For more information or to address any concerns about the incident, GHSE has set up a dedicated toll-free helpline at 1-833-770-0673, which operates from 8:00 am to 8:00 pm Eastern Time, Monday through Friday. You can also find additional information on GHSE’s website at https://www.gahand.org/.