Navicent Health, one of Middle Georgia’s largest employers and health-care providers, announced Friday morning it was the victim of a cyber attack that targeted its email system last July.
Names, Social Security numbers, dates of birth and medical information such as billing and appointment scheduling were among patients’ personal information that could have been compromised as a result of the hack, Navicent Health said in a statement on its website.
Megan Allen, hospital spokeswoman, did not respond when asked how the attack was discovered and why Navicent Health waited to publicly announce it.
Since the discovery last summer, the hospital system “has worked closely with four industry-leading, external data privacy and cybersecurity firms” but it does not yet know if any fraud or identity theft has occurred as a result of the attack, Allen said in a news release. It also is not known if information was viewed or captured.
There is no evidence that the cyber attack affected the hospital system’s computer networks or its electronic medical record systems, according to the release.
Navicent will mail out letters to notify patients whose information might have been compromised and provide steps they can take to protect their personal information, Allen said in the news release. It also is offering free identity theft protection services to patients whose Social Security numbers might have been compromised.
The hospital system is evaluating its platforms for educating staff on cyber security and “reviewing technical controls” to help prevent future hacks, according to Navicent’s online statement: www.navicenthealth.org/notice-of-data-security-incident.html.
Patients who suspect their personal information was compromised as a result of the cyber attack are encouraged to visit www.navicenthealth.org for more information, or call a confidential, toll-free, inquiry line at 866-681-5170 from 9 a.m.-6:30 p.m. Monday-Friday.