Georgia-based Emory Healthcare (EHC) has announced a data breach that has impacted over 1,600 patients. Eight Georgians, including former employee Edith Nate Hicks, unlawfully obtained patient records from December 2020 to December 2021. The documents are said to have contained the names, dates of birth and Social Security numbers of patients. Health information, labs and treatment plans were found not to have been shared.
In August 2022, the United States Department of Labor (DOL) notified EHC that one of its employees had shared demographic information with outsiders involved in unemployment benefits fraud. An investigation was launched to confirm that the now-former employee accessed the data for no legitimate work reason.
EHC has stated that they have “fully cooperated with law enforcement during the investigation, arrest and prosecution of individuals involved in the matter and will continue to do so as the case moves forward. We followed the instructions of the DOJ regarding the timing of this notification and are now notifying patients whose information is believed to have been involved in this incident and for whom EHC had last known addresses.”
EHC has notified the patients who were affected and posted a notice on its website explaining what occurred and the steps being taken to solve the issue.
In November 2022, Edith Nate Hicks was arrested in connection with the fraud and pleaded guilty to conspiracy to commit fraud. Hicks may be sentenced to up to 20 years in jail.
During the pandemic, the eight defendants allegedly filed over 5,000 fraudulent unemployment insurance claims and received over $30 million in unemployment benefits using the patient records they had obtained.