EyeSouth Partners Email Account Breach Impacts 24,000 Patients of Georgia Eye Associates

EyeSouth Partners has announced that a hacker has gained access to an employee’s email account and has potentially viewed/obtained the electronic protected health information (ePHI) of as many as 24,000 patients.

EyeSouth Partners is a business associate of Georgia Eye Associates, South Georgia Eye Partners, Cobb Eye Center, and Georgia Ophthalmology Associates. On October 25, 2018, EyeSouth Partners became aware that an unauthorized individual had gained access to the email account of one of its employees.

Prompt action was taken to secure the email account and assess the security of its systems. Procedures were also implemented to enhance information security safeguards to prevent any further email account breaches.

The breach investigation revealed the hacker first gained access to the email account on September 11, 2018. Access remained possible until October 25.

Third-party computer forensics experts were hired to assist with the investigation and determine which patients had had their ePHI exposed. On December 19, 2018, EyeSouth Partners was informed that the hacker had potentially accessed emails that contained the ePHI of patients of Georgia Eye Associates.

The information contained in emails and email attachments differed from patient to patient but may have included names, addresses, contact telephone numbers, email addresses, insurance provider names, type of insurance carrier, payment histories, account balances, summaries of charges, summaries of services and procedures, and internal patient ID numbers. A small number of patients also had their Social Security number exposed.

All patients affected by the breach have now been notified by mail and offered complimentary credit monitoring services.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.