Cyber attack at Augusta University exposes information for 417K people

CSRA News

Cyber security attacks at Augusta University put the personal information of hundreds of thousands of people at risk.

CLICK HERE if you are concerned about your information and want to learn more about the cyber attack on Augusta University.

On Thursday, NewsChannel 6’s Ashley Osborne talked to President Dr. Brooks Keel about the incident.

Dr. Keel explains the hacker gained access to personal and protected health information for about 417,000 people. However, he says there is no evidence at this time to suggest any of the information was actually used.

AU’s announcement about a hack comes just one day after the first day of classes in the new Cyber Innovation and Training Center in Downtown Augusta.

“It’s an incident that we deeply deeply regret and I want to apologize again for any inconvenience that we’ve caused any individuals. We are aggressively addressing this issue,” says Dr. Keel.

Dr. keel says the hack has prompted several changes. First he created a new position in the area of IT and Risk Management.

“We’re doing multifactor authentication,” Dr. Keel describes. “We’re prohibiting the use of this protective health information in emails amongst clinical staff. We are limiting the size of email accounts and logs that a person can have on their particular computer.”

There were two separate attacks. One happened back in September of 2017. The second happened in July of 2018. AU hired a forensic analysis company when the first attack happened back in September Investigators are in the process of determining the scope of the second attack, but they think it is smaller than the first.

Dr. Keel explains why the announcement has been months in the making.

“There were more than 360,000 documents that were associated with those 24 email accounts and over 3.5 million lines of text that had to be manually gone through, each line, line by line to determine if there was in fact an individual’s name and one of a number of identification issues—social security number, driver’s license number, PHI, those sorts of things—and then that file had to be collated and that’s an incredibly extensive, long and complex process.”

Dr. Keel says, this kind of incident stresses need for their cyber security program.

“Like any other system out there hospital, company, business or even government. We get attacked daily from across the world,” says Dr. Keel. “We have to try our best to stay ahead of these attacks. It’s not a matter of are we going to be hacked or attacked again. It’s a matter of when,” says Dr. Keel.

Augusta University says the investigation showed the attacks were not a result of misconduct from employees. However, there have been some key leadership changes in the area of IT and Risk Management.

Copyright 2019 Nexstar Broadcasting, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.