BERLIN– Atlantic General Hospital is currently notifying individuals whose personal information might be impacted by the cyberattack that occurred in January.
On March 24, Atlantic General Hospital began mailing letters to potentially impacted individuals. The hospital also updated its website to include notice of a data privacy event.
“AGH encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing personal account statements and monitoring free credit reports for suspicious activity and to detect errors,” the notice reads.
On Jan. 29, AGH experienced a ransomware attack that resulted in network outage issues. While interruption to patient care was limited, operations impacted included the outpatient walk-in lab, pulmonary function testing, outpatient imaging and RediScripts. While the hospital was fully operational again within a couple weeks of the incident, investigations have been underway since to determine what information was impacted by event.
“Through our investigation, we learned that certain files within our network were subject to unauthorized access during the period of unauthorized access,” the notice reads. “AGH then undertook a comprehensive review of these files to determine what data was contained within the files and to whom that data relates. On March 6, 2023, AGH determined that the impacted files contained certain information related to patients and/or employees.”
While AGH has seen “no evidence of misuse of any information related to this incident” the data privacy notice states the scope of information involved could include an individual’s name, social security number, driver’s license number, financial account information, date of birth, medical record number, treating/referring physician, health insurance information, subscriber number, medical history information or diagnosis/treatment information.
While speaking at a town hall meeting earlier this month, AGH CEO Don Owrey said that while the attackers, a well-known group based in China, accessed the hospital’s network, they did not get into the hospital’s electronic medical records. Those are hosted remotely.
“We’re 100% confident that access to electronic health records did not happen,” he said at the time.
The hospital’s data privacy event notice says that people who want more information can call 1-888-338-9887 Monday through Friday from 9 a.m. to 9 p.m. The notice also includes information on how people can monitor their credit reports and set up fraud alerts.