General Health System

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Baton Rouge-based General Health System (GHS), which operates more than 20 clinics and medical facilities in the Baton Rouge area, confirmed a healthcare data breach that occurred in June. The cyber incident began on June 28, and further investigation revealed that an unauthorized party had accessed certain directories within its network between June 24 and June 29. GHS is currently reviewing the contents of the directories that were at risk to assess what sensitive information was contained within them and to whom the information related. Once the review is completed, GHS intends to notify the potentially affected individuals via mailed notification letters, detailing what information related to them could have been accessed[1].

The unauthorized access to GHS’s network resulted in the exfiltration of files containing patient data. The specific types of information exposed include names, Social Security numbers, dates of birth, medical diagnoses/treatment information, biometric data, health insurance information, financial account information, driver’s license/state identification numbers, patient account numbers, and medical record numbers. GHS has not discovered any instances of fraud or identity theft as a result of the incident but has encouraged impacted individuals to remain vigilant[1][19].

GHS has taken steps to enhance its existing security protocols and is evaluating its policies and procedures related to data privacy and security. They have also arranged to provide affected individuals with access to credit monitoring and identity protection services through Equifax at no cost[2].

It’s important to note that this breach is one of many recent cybersecurity incidents affecting healthcare providers, highlighting the ongoing risks and challenges that the healthcare industry faces in terms of data security[19].

Citations:

  1. https://healthitsecurity.com/news/baton-rouge-general-confirms-healthcare-data-breach
  2. https://www.mass.gov/doc/assigned-data-breach-number-28532-general-health-system-inc/download
  3. https://www.securityweek.com/data-breach-louisiana-healthcare-provider-impacts-270000-patients/
  4. https://www.bleepingcomputer.com/news/security/healthcare-software-provider-data-breach-impacts-27-million/
  5. https://www.fiercehealthcare.com/payers/la-care-must-pay-13m-settlement-over-data-breaches-violated-hipaa-rules-protecting-patient
  6. https://www.beckershospitalreview.com/cybersecurity/hackers-exfiltrate-patient-files-at-baton-rouge-general.html
  7. https://www.cbsnews.com/news/prospect-medical-cyberattack-california-pennsylvania-hospital/
  8. https://www.hipaajournal.com/hipaa-violation-cases/
  9. https://www.ktalnews.com/news/louisiana/the-biggest-health-care-data-breaches-you-should-know-about-in-louisiana/
  10. https://www.wafb.com/2022/06/29/baton-rouge-general-responds-cyber-attack/
  11. https://www.modernhealthcare.com/technology/healthcare-data-breaches-cyberattacks-cybersecurity
  12. https://www.theguardian.com/us-news/2023/aug/04/cyberattack-us-hospitals-california
  13. https://www.beckershospitalreview.com/cybersecurity/more-than-1m-patient-records-breached-in-the-last-30-days.html
  14. https://apnews.com/article/cyberattack-hospital-emergency-outage-4c808c1dad8686458ecbeababd08fecf
  15. https://www.cshub.com/attacks/articles/the-biggest-cyber-security-attacks-in-november
  16. https://therecord.media/hhs-agrees-to-settlement-with-louisiana-group-data-breach
  17. https://healthitsecurity.com/news/alcohol-recovery-startup-suffers-healthcare-data-breach-108k-impacted
  18. https://www.citizen-times.com/story/news/local/2023/07/10/mission-hospital-owner-hca-healthcare-discloses-patient-data-breach/70400122007/
  19. https://www.turkestrauss.com/2022/08/26/baton-rouge-general-medical-center-data-breach-investigation/
  20. https://www.reuters.com/legal/litigation/three-us-data-breaches-show-varied-healthcare-exposure-risks-2023-02-06/
  21. https://www.hhs.gov/about/news/2023/12/07/hhs-office-for-civil-rights-settles-first-ever-phishing-cyber-attack-investigation.html
  22. https://www.jdsupra.com/legalnews/baton-rouge-general-posts-notice-of-7552063/
Breach Submission Date Aug 25, 2022
Converted Entity Name General Health System
Converted Entity Type Healthcare Provider
State LA
Individuals Affected 46,149
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes