25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Former South Georgia Medical Center Employee Arrested Over 41K-Record Data Breach

Posted By on Feb 2, 2022

The Hospital Authority of Valdosta and Lowndes County Georgia has recently reported a data breach involving the unauthorized copying of patient data by a former employee of South Georgia Medical Center.

On November 12, 2021, security software generated an alert indicating an employee had downloaded data from the hospital’s systems onto a USB drive. The investigation confirmed the downloaded data included patients’ names, dates of birth, and test results. The HIPAA breach was recently reported to the Department of Health and Human Services’ Office for Civil Rights as involving the protected health information of 41,692 individuals.

The employee had been provided with access to patient data in order to complete work duties, but no authorization was given to copy patient data and remove it from the hospital. The employee left employment at the hospital on November 11, 2021.

South Georgia Medical Center said no data was erased from its systems and the copied files have now been recovered. The data theft incident was reported to law enforcement and the Lowndes County Sheriff’s Office investigated the breach and the recovered files.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

South Georgia Medical Center CEO, Ronald Dean, said there is no reason to believe any of the copied information has been misused in any way, and financial data and Social Security numbers were not removed from the premises; however, individuals whose protected health information was removed from the hospital have been offered a complimentary membership to a credit monitoring and identity theft restoration service.

The sheriff’s office confirmed to the Valdosta Daily Times that a 43-year-old former employee of the hospital has been charged with felony computer theft and felony computer invasion of privacy in relation to the incident. The motive behind her copying the data is unclear.

South Georgia Medical Center said changes have been implemented following the incident to improve security, including limiting the use of USB drives and providing further training to the workforce.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist