Cyber Incident Victim: Augusta University Health

In late May 2017, Augusta University Health experienced a cybersecurity incident involving unauthorized access to faculty email accounts through a phishing attack. An unauthorized third party compromised medical faculty email systems, exposing patient health information contained within those accounts. University officials confirmed the breach impacted fewer than 1% of patients in their healthcare system. The attack vector specifically targeted email accounts belonging to medical faculty members, though the exact number of compromised accounts remains unspecified in available disclosures. Upon discovery of the intrusion, Augusta University initiated an investigation to determine the scope and nature of the incident. The organization worked to secure affected email systems and prevent further unauthorized access during their response efforts.

The compromised email accounts contained sensitive patient health information, though specific data elements exposed were not detailed in public statements. As part of their response, Augusta University Health assessed the extent of affected individuals while maintaining operations across their healthcare network. The institution acknowledged the breach through official spokespersons but did not disclose technical specifics regarding detection methods or the duration of unauthorized access. No information was released about whether law enforcement agencies were involved in the investigation. The incident represented a targeted compromise of institutional email systems rather than a broader network intrusion, with impacts confined to patients whose information resided in the breached email accounts. Augusta University's disclosure emphasized the limited percentage of affected patients while confirming the exposure of protected health information through the email system breach.