AUGUSTA, Ga. (WJBF)- Friday evening, all employees and students at Augusta University and AU Health were required to change their password in response to what they say was a “significant” risk.
An AU rep said that a small number of employees provided their security information in a phishing attack last week.Phishing is when hackers use something that looks like a legitimate ellectronic communication to get sensitive information like usernames, passwords, and credit card info.
There’s a lot computer hackers can do with your login information.
“Building this intelligence on people will allow you to essentially help with identity theft, management systems, things like that,” said John Creekmore, executive director of the Cyber Discovery Group, which is a non-profit dedicated to raising public awareness of cyber security.
Those are the kind of things cyber security experts are trying to prevent. Augusta University hosted some of those experts last Friday and Saturday at the BSides conference to teach and discuss the latest in cyber security. Hundreds attended from across the country.
“When you bring a lot of defenders, you will draw the attention of a lot of offenders as well,” Creekmore said.
Friday, the entire university was prompted to change their passwords in response to what the university tells us was a phishing attack that affected a small number of employees.
“I can say that historically, other places that’ve had these events have had incidents as well,” Creekmore said.
There is no confirmed link to the alleged hackers and the BSides conference at this time.
“So if it is the case that Augusta University has had an incident that’s confirmed, then it’s not the end of the world, there are precautions and steps that can be taken,” Creekmore said. “There are controls, and the damage, if there is any, to the students or users at this time, might even be negligible.”
The university says they have no indication that any healthcare information has been compromised, which Cyber expert John Creekmore says is among the damaging things hackers can steal.
“The value of a medical record for a person’s electronic personal health information is significantly higher than their social security number,” he said. “You can completely bankrupt an organization just by breaching 500 more records because they now have to report to health and human services.”
AU is working with the GBI to investigate those employees whose direct deposit information was illegally changed.
A university representative says no payroll information was transferred.