top of page

Cybersecurity and Health Care Centers

People tend to visit their doctor every now and again for the annual check-ups, scrapes, and other issues. As the patients visit their respective doctor, the office requires certain information and the doctor have their notes from the visit. This information is important to us and have value. Most of the time, securing this is not an issue. This was not the case for Navicent Health. Navicent Health is based in Macon, GA. This is one of middle Georgia’s largest employers and healthcare providers. This is also the second largest hospital.

The attackers focused on the hosted staff email system. This, fortunately, did not include the EHR system or network. The staff email system did however contain the patient’s private personal information. This included the patient's name, data of birth, address, limited medical information, and a portion of the patient also had their social security number exposed. To top off the list, there was also billing and appointment scheduling data.

The successful attack occurred in July 2018. Curiously, this was detected on January 24, 2019. Navicent did notify law enforcement of the attack and breach. The breach affected 278,016 patient’s PHI and PII. The patient’s data was located on the compromised email server. Navicent was not completely sure I the attackers viewed or downloaded the patient’s data. To be conservative, it is presumed the attackers had.

The company contracted with a third party forensics firm to investigate the issue. They also notified the affected parties. They were offering, in response to the breach, free ID theft protection. This was limited to the patients with their social security number exposed. The patient recommendation is for them to monitor their credit report and account statements. To alleviate the potential for this to happen again, the management is reviewing additional staff education and adding other technology.

There were a number of issues with this successful attack. First, there needed to be additional training for the staff. Also as a significant issue, there was a rather significant time lag from the attack date to the detection date. The successful attack was in July 2018. The detection occurred on January 24, 2019. This was a rather long time to detect a rather significant issue. There has been no comment as to why this took so long.


Abrams, L. (2019, April 17). Navicent health data breach exposes patient’s personal info. Retrieved from

Corley, L. (2019, March 22). Navicent health announces cyber attack targeting its email system. Retrieved from

Davis, J. (2019, March 25). Navicent health reports data breach from july 2018 cyberattack. Retrieved from

Dissent. (2019, March 22). Navicent health announces cyber attack targeting its email system. Retrieved from

Drees, J. (2019, April 16). Update: Data breach exposes 278,000 navicent health patients’ information. Retrieved from

HIPAA Journal. (2019, March 25). PHI exposed in three recent email security incidents. Retrieved from

Inforisktoday. (2019). Cyberattack exposes PHI in email attacks. Retrieved from

Marlin, L. (2019, March 26). Email breaches in three states expose protected health information. Retrieved from

McGee, M.K. (2019, April 5). Cyberattack exposes phi in email accounts. Retrieved from

Navicent Health. 92019). Notice of data security incident. Retrieved from

Spamfighter. (2019). Navicent health reported data breach due to a cyberattack. Retrieved from

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Featured Posts
Check back soon
Once posts are published, you’ll see them here.
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page