The General Health System (GHS), located in Baton Rouge, has recently disclosed on its website that it experienced a data breach in June. The GHS is responsible for operating over 20 healthcare institutions in the Baton Rouge area.
The breach was initially announced in June by WAFB, the local news network, who reported that GHS had temporarily transferred its patient records to paper until it was safe to bring its EMR and other patient networks back online. However, GHS has confirmed the incident in a post they have published on their website.
The post confirms that the GHS had detected an incident that may have affected the privacy of patient information. On June 28, 2022, the GHS detected suspicious activity concerning a computer system. An immediate forensic investigation was conducted in collaboration with a cybersecurity specialist firm to determine what information had been gathered and how it was accessed. The investigation determined that an unauthorized third-party had gained access to GHS’s network in the period of June 24, 2022 to June 29, 2022. After gaining access, the malicious actor was able to access multiple directories. GHS is currently conducting a review of the information potentially accessed in the directories.
Once the review is completed, GHS has promised to send breach notification letters to potentially impacted individuals with detailed description of what information was taken. GHS has urged patients to keep a close eye out for any illegal or suspicious behavior on their credit reports and account statements in order to prevent cases of identity theft and fraud. If a patient does identify a misuse of their information, a report should be immediately issued to the Federal Trade Commision. GHS has also requested patients to seek additional information regarding identity theft, fraud alerts, credit freezes, and the steps to take to ensure the protection of their information by communicating with the state Attorney General, the consumer reporting bureaus, and the Federal Trade Commision.
The GHS has apologized for any inconvenience caused by the data breach. The health provider has also reassured patients of their commitment to mitigating harm and to implementing further security measures to prevent another breach of this nature.