Atlanta Women’s Health Group, P.C.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
On June 12, 2023, Atlanta Women’s Health Group, P.C. (AWHG) reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) after a cybersecurity incident allowed unauthorized access to confidential patient information. The breach involved a “Hacking/IT incident” targeting AWHG’s network servers. An investigation confirmed that an unauthorized party accessed confidential patient information on the company’s IT network. The types of information compromised likely include names and protected health information such as Social Security numbers, lab results, medications, diagnoses, and health insurance claims information, although the exact data types have not been confirmed.
AWHG began reviewing the affected files to determine the specific information and individuals impacted. On or around June 12, 2023, AWHG sent out data breach notification letters to all individuals whose information was compromised. AWHG is a healthcare provider organization consisting of more than 40 OB/GYN practices in the Atlanta area, conducting over 400,000 visits annually for more than 300,000 patients. The group employs more than 174 people and generates approximately $14 million in annual revenue[1].
The breach at AWHG was part of a larger trend of cyberattacks and data breaches affecting various sectors, including healthcare, in 2023. Hacking incidents were the leading cause of healthcare data breaches, accounting for more than 77% of the breaches and more than 96% of the breached records in June 2023[9]. The Atlanta Women’s Health Group data breach impacted 33,800 patients[3].
For those affected by the breach, it is crucial to understand the risks and take steps to protect against potential fraud or identity theft. However, as of the information available, AWHG had not yet posted notice of the incident on its website or issued a press release explaining the incident in detail[1].
Citations:
- https://www.jdsupra.com/legalnews/atlanta-women-s-health-group-files-1924648/
- https://www.hackmageddon.com/2023/07/19/1-15-june-2023-cyber-attacks-timeline/
- https://www.hipaajournal.com/hipaa-breaches/
- https://awhg.org/privacy-policy-and-hipaa
- https://cybersecurityventures.com/intrusion-daily-cyber-threat-alert/
- https://caselaw.findlaw.com/ga-court-of-appeals/1531910.html
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.law.com/dailyreportonline/2024/01/16/burr-forman-faces-data-breach-of-health-care-client-information/
- https://www.hipaajournal.com/june-2023-healthcare-data-breach-report/
- https://law.justia.com/codes/georgia/2020/title-9/chapter-11/article-3/section-9-11-9-1/
- https://www.jdsupra.com/legalnews/urology-of-greater-atlanta-llc-8804615/
- https://breachdata.topwords.me/states/GA?limit=20&offset=0&sort=breach_type
- https://www.calhipaa.com/healthcare-data-breach-report-for-june-2023/
- https://casetext.com/case/pham-v-black