Wellstar Health System

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Wellstar Health System, based in Georgia, experienced a data breach that was announced on April 10, 2022. The breach involved unauthorized access to two Wellstar email accounts by an “unauthorized party.” The security incident was discovered on February 7, 2022, and it was determined that the email accounts were accessed between December 6, 2021, and January 3, 2022[1][5].

The compromised information included personal or protected health information such as names, medical record numbers, Wellstar account numbers, and lab information. However, Wellstar confirmed that social security numbers and financial information were not included in the accessed information[1][5]. There was no evidence to suggest that the data was misused or in the possession of unauthorized individuals, but Wellstar issued notices to anyone whose information may have been contained in the accessed accounts as a precaution[1].

In response to the incident, Wellstar disabled access to the impacted email accounts, required mandatory password resets, and implemented additional technical safeguards on its email system. They also provided additional training to employees to increase awareness of the risks of malicious emails[1].

Patients who were notified about the breach were advised to monitor their insurance statements for any transactions related to care or services that they did not receive[1]. For more information, Wellstar established a patient response line[1].

The breach was reported to the U.S. Department of Health and Human Services’ Office for Civil Rights as affecting 30,417 individuals[6].

Citations:

  1. https://www.11alive.com/article/news/local/wellstar-patient-data-breach/85-a94564b7-8b55-4b35-b8a9-11ceeb9371b6
  2. https://www.ajc.com/news/metro-atlanta-company-suffers-data-breach-affecting-54k-inmates/XYT7ZH3DGRDYVAKYV5G5CFBGJQ/
  3. https://law.justia.com/cases/georgia/court-of-appeals/2006/a06a0394-0.html
  4. https://casetext.com/case/wellstar-health-sys-inc-v-alfaro
  5. https://www.scmagazine.com/brief/data-breach-at-ga-health-system-confirmed
  6. https://www.hipaajournal.com/resources-for-human-development-wellstar-health-central-vermont-eye-care-announce-data-breaches/
  7. https://www.georgiatrend.com/2019/12/01/healthcare-hacks/
  8. https://caselaw.findlaw.com/ga-court-of-appeals/1209045.html
  9. https://www.fiercehealthcare.com/providers/georgia-lawmakers-naacp-ask-hhs-irs-investigate-wellstars-atlanta-hospital-closure
  10. https://casetext.com/case/wellstar-health-sys-v-green
  11. https://casetext.com/case/jimenez-v-wellstar-health-system
  12. https://caselaw.findlaw.com/court/ga-court-of-appeals/2135702.html
  13. https://www.wsbtv.com/news/local/atlanta/fulton-county-targeting-wellstar-with-potential-department-justice-investigation/CWXMSRCLPJA77OQWPFEFNY27W4/
  14. https://www.wellstar.org/corporate-purchasing/code-of-conduct
  15. https://www.news-daily.com/news/wellstar-unitedhealthcare-contract-squabble-going-down-to-wire/article_3922fcab-09e7-5833-af9a-18cf373b51d0.html
  16. https://violationtracker.goodjobsfirst.org/parent/wellstar-health-system
  17. https://www.hipaajournal.com/april-2022-healthcare-data-breach-report/
  18. https://caselaw.findlaw.com/ga-court-of-appeals/1335227.html
  19. https://decaturish.com/2023/03/fulton-county-filing-doj-complaint-over-wellstar-health-system-hospital-shutdowns/
  20. https://www.11alive.com/article/news/local/wellstar-federal-complaints-georgia/85-ace571d0-9e7b-4bf7-9aaa-9f1ad4e77d32
Breach Submission Date Sep 21, 2023
Converted Entity Name Wellstar Health System
Converted Entity Type Healthcare Provider
State GA
Individuals Affected 728
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes