Cyber Incident Victim: Georgia Spine and Orthopaedics of Atlanta
Date: Jul 2018
Location: United States of America
Summary
A phishing attack compromised an employee's email account at Georgia Spine and Orthopaedics of Atlanta, enabling unauthorized access to patient information. The breach exposed names, medical record details, and, for a smaller subset, Social Security and driver's license numbers, affecting 7,012 individuals. Following discovery, the organization terminated the unauthorized access, conducted a manual review of emails to identify impacted patients, and notified them by mail and set up a dedicated support hotline. The incident was confined to a single email account, with no evidence of broader system compromise. Affected individuals were advised to monitor financial accounts and credit reports for potential misuse of their data.
Description
On July 11, 2018, Georgia Spine and Orthopaedics of Atlanta (GSO) experienced unauthorized access to an employee’s email account following a successful phishing attack. The attackers used fraudulent emails containing malicious links or documents that compromised the employee’s credentials, a common tactic in phishing scams. GSO discovered the breach and promptly terminated the unauthorized access, though the exact timeline of discovery relative to the July 11 intrusion was not specified in their public statement. The organization engaged external technical and legal experts to investigate the incident’s scope and nature, confirming the breach was limited to a single email account. Forensic analysis revealed the attackers potentially saved a desk copy of certain emails to their own computer during the access period, though GSO noted this retention might have been unintentional. The compromised account contained emails with patient names, mailing addresses, and medical record information, with a smaller subset including Social Security numbers and driver’s license numbers.

GSO initiated a manual review of all emails potentially accessed to identify affected individuals, a process described as tedious and time-intensive due to the need to hand-review documents. This review concluded on October 26, 2018, confirming that 7,012 patients required notification. The organization mailed letters to affected individuals for whom addresses were available, advising them to monitor accounts and credit reports and to consider fraud alerts or security freezes. A toll-free hotline (888-238-5166) was established for 90 days to address inquiries, operating weekdays from 9 AM to 9 PM EST. The breach did not extend beyond the single email account, and no evidence suggested misuse of the exposed data. GSO emphasized the sophistication of phishing threats faced by organizations globally but did not disclose whether additional security measures were implemented post-incident beyond the investigation and notification efforts.
