Georgia DHS Breach

Hackers will go after any target, even a government agency responsible for helping children and families in need. A phishing attack targeting the Georgia Department of Human Services (DHS) has compromised the medical and personal information of individuals involved in Child Protective Services (CPS) and DHS Division of Family & Children Services (DFCS) cases. More details on the Georgia DHS breach are discussed below.

Georgia DHS Breach: What Happened

Georgia DHS issued a press release after discovering that an unauthorized entity had gained access to the protected health information (PHI) and personally identifiable information of some of its CPS and DFCS cases. The access stemmed from a phishing attack that gave unauthorized individuals access to a Georgia DHS employee’s email account.

The phishing attack, which allowed unauthorized access to information from May 3 to May 15, was discovered on August 10, 2020.

When disclosing the Georgia DHS breach in a press release, DHS stated:

“The information that was compromised as part of the breach varies by person. Individuals affected may have had the following types of information disclosed: full name of children and household members, relationship to the child receiving services, county of residence, DFCS case number, DFCS identification numbers, date of birth, age, number of times contacted by DFCS, an identifier of whether face-to-face contact was medically appropriate, phone numbers, email addresses, social security number, Medicaid identification number, Medicaid medical insurance identification number, medical provider name and appointment dates.”

In addition to that information, 12 individuals also had their counseling notes, psychological reports, medical diagnoses, and substance abuse information exposed in the Georgia DHS breach. One individual’s bank account information was also compromised.

DHS has conducted an investigation into the incident and is in the process of notifying the affected individuals.

Georgia DHS Breach: How it Could Have Been Prevented

The most effective way to avoid falling victim to a phishing attack, besides implementing security measures, is to train employees. Security software filters out much of the harmful content that would otherwise arrive in inboxes, but some harmful emails still get through. This is why it is important to train your employees to recognize a phishing attempt and to know what to do if they suspect an email is a phishing email.

Although hackers have become more adept at presenting phishing emails as legitimate, there are some telltale signs that an email is malicious. Some things to look for when questioning an email’s validity include:

Misspelling or extra characters in the sender’s email address

An email seemingly coming from a company that lacks a company domain in the email address

Generic greetings

Misspellings in the body of the email

An email that asks you to provide personal information

An email that forces you to click on a link

Unsolicited email attachments
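
The signs above that can be checked mechanically, as an added example that is not part of the original article: a Python heuristic that reports which of them a message shows. The domain `agency.example`, the name `agency`, the regular expressions and the helper names are assumptions made for illustration; misspellings in the body and whether an attachment was solicited are left to the reader.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN, ORG_NAME = "agency.example", "agency"  # assumed values for this example
GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|employee|sir|madam)\b", re.I)
ASKS_PII = re.compile(r"\b(password|social security|bank account|date of birth)\b", re.I)
PUSHES_LINK = re.compile(r"\b(click|verify|confirm)\b[^.]{0,80}https?://", re.I)

def edit_distance(a, b):  # Levenshtein distance, spots misspelled or padded domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signs(msg):
    """Return which of the listed warning signs are present in an EmailMessage."""
    display, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(("plain",))
    text = body.get_content() if body else ""
    signs = []
    if domain != ORG_DOMAIN:
        if edit_distance(domain, ORG_DOMAIN) <= 2:
            signs.append("misspelled sender domain")
        elif ORG_NAME in display.lower():
            signs.append("claims the organisation without its domain")
    if GENERIC.search(text):
        signs.append("generic greeting")
    if ASKS_PII.search(text):
        signs.append("asks for personal information")
    if PUSHES_LINK.search(text):
        signs.append("pushes a link")
    if next(msg.iter_attachments(), None) is not None:
        signs.append("attachment present")  # whether it was solicited needs a human
    return signs

def sample(sender, text, attachment=None):  # builds a constructed test message
    m = EmailMessage()
    m["From"] = sender
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename=attachment)
    return m

if __name__ == "__main__":
    print(phishing_signs(sample("IT <it@agenccy.example>", "Dear user,\nVerify at https://login.invalid/\n")))
```

A hit on any one sign is a reason to report the message through the organization’s procedure, not proof that it is malicious.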

Many employees who receive a phishing email will forward the suspicious email to other members of the organization to ask if they also received it. This practice is extremely harmful, because each forwarded copy gives another employee an opportunity to click on something malicious. Instead, employees should be aware of your organization’s policies and procedures for reporting suspicious communications.