HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Former South Georgia Medical Center Employee Arrested Over 41K-Record Data Breach

The Hospital Authority of Valdosta and Lowndes County Georgia has recently reported a data breach involving the unauthorized copying of patient data by a former employee of South Georgia Medical Center.

On November 12, 2021, security software generated an alert indicating an employee had downloaded data from the hospital’s systems onto a USB drive. The investigation confirmed the downloaded data included patients’ names, dates of birth, and test results. The breach was recently reported to the Department of Health and Human Services’ Office for Civil Rights as involving the protected health information of 41,692 individuals.

The employee had been provided with access to patient data in order to complete work duties, but no authorization was given to copy patient data and remove it from the hospital. The employee left employment at the hospital on November 11, 2021.

South Georgia Medical Center said no data was erased from its systems and the copied files have now been recovered. The data theft incident was reported to law enforcement and the Lowndes County Sheriff’s Office investigated the breach and the recovered files.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

South Georgia Medical Center CEO, Ronald Dean, said there is no reason to believe any of the copied information has been misused in any way, and financial data and Social Security numbers were not removed from the premises; however, individuals whose protected health information was removed from the hospital have been offered a complimentary membership to a credit monitoring and identity theft restoration service.

The sheriff’s office confirmed to the Valdosta Daily Times that a 43-year-old former employee of the hospital has been charged with felony computer theft and felony computer invasion of privacy in relation to the incident. The motive behind her copying the data is unclear.

South Georgia Medical Center said changes have been implemented following the incident to improve security, including limiting the use of USB drives and providing further training to the workforce.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.