Atlantic General Hospital Experiences Privacy Incident

Atlantic General Hospital (AGH) is providing notice of an incident that may affect the privacy of information. The following provides details of the incident, AGH's response, and steps individuals may take to better protect against possible misuse of their personal information, should they feel it appropriate to do so. 

On January 29, 2023, AGH discovered encrypted files on certain computer systems. AGH immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. The investigation determined that there was unauthorized access to certain of its servers beginning on January 20, 2023. Through the investigation, AGH learned that certain files within its network were subject to unauthorized access during the period of unauthorized access. AGH then undertook a comprehensive review of these files to determine what data was contained within the files and to whom that data relates. On March 6, 2023, AGH determined that the impacted files contained certain information related to patients and/or employees. On March 24, 2023, AGH began mailing letters to potentially impacted individuals. AGH has seen no evidence of misuse of any information related to this incident. 

While the specific data elements vary for each potentially affected individual, the scope of information potentially involved includes an individual's name and one or more of Social Security number, driver's license number, financial account information, date of birth, medical record number, treating/referring physician, health insurance information, subscriber number, medical history information, diagnosis/treatment information. 

Upon discovery, AGH immediately commenced an investigation to confirm the nature and scope of the incident. AGH reported this incident to law enforcement and are taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security. 

AGH encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and monitoring free credit reports for suspicious activity, and detect errors.