Emory Healthcare system reports data breach of over 1,600 patients

Emory Saint Joseph's Hospital exterior

Georgia-based Emory Healthcare (EHC) has announced a data breach that has impacted over 1,600 patients. Eight Georgians, including former employee Edith Nate Hicks, unlawfully obtained patient records from December 2020 to December 2021. The documents are said to have contained the names, dates of birth and Social Security numbers of patients. Health information, labs and treatment plans were found not to have been shared.

Related: What is a data breach?

In August 2022, the United States Department of Labor (DOL) notified EHC that one of its employees had shared demographic information with outsiders involved in unemployment benefits fraud. An investigation was launched to confirm that the now-former employee, accessed the data for no legitimate work reason.

EHC has stated that they have “fully cooperated with law enforcement during the investigation, arrest and prosecution of individuals involved in the matter and will continue to do so as the case moves forward. We followed the instructions of the DOJ regarding the timing of this notification and is now notifying patients whose information is believed to have been involved in this incident and for whom EHC had last known addresses.”

EHC has notified the patients who were affected and posted a notice on their website explaining what occurred and the step being taken to solve the issue.

In November 2022, Edith Nate Hicks was arrested in connection to the fraud and pleaded guilty to conspiracy to commit fraud. Hicks may be sentenced to up to 20 years in jail.

During the pandemic, the eight defendants allegedly filed over 5,000 fraudulent unemployment insurance claims and received over $30 million in unemployment benefits using the patient records they had obtained.

SEE RELATED: 3 insider threats you need to plan for

Try Paubox for free

Paubox Email Suite for HIPAA compliant email

Keep your patient data safe from ransomware, phishing attacks and other dangers with advanced email threat protection.

Start for free

About the author

Anna Flairty

Read more by Anna Flairty

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport