Unauthorized Access to Email leads to PHI Exposure at EyeSouth
Who: Georgia Eye Associates,EyeSouth Partners
# of Records: 24.000 patients
When it occurred: September 11, 2018, and October 25, 2018
What Happened: Unknown individual had access to one EyeSouth employee email account.
How it Happened: EyeSouth determined that the incident potentially affected the name, patient ID number (that was randomly generated and specific to the practice), telephone number, email address, the name of health insurance carrier (if any), and account balance information of some Georgia Eye Associates patients.
Outcome: Upon becoming aware of the incident on October 25, 2018, EyeSouth immediately launched an investigation, confirmed the security of its system, and implemented procedures designed to enhance the effectiveness of its information security safeguards. EyeSouth also worked with a number of forensic experts to analyze the information affected by the incident. EyeSouth is taking steps to notify individuals who may have been impacted by this incident and is also providing free credit monitoring services for individuals whose Social Security numbers were potentially impacted.