MARIETTA, Ga. — Wellstar notified patients after a recent data breach, the health system announced Friday.
In a statement, Wellstar said there was a data security incident involving access to two Wellstar email accounts by an "unauthorized-party."
"Upon learning of this issue, Wellstar promptly disabled access to the impacted email accounts and required mandatory password resets to prevent further access by unauthorized parties. Wellstar immediately commenced a prompt and thorough investigation, working closely with external cybersecurity professionals," the health system said.
After the investigation, Wellstar discovered on Feb. 7 that one or more email accounts were accessed between Dec. 6, 2021 and Jan. 3, 2022, containing personal or protected health information – including names, medical record numbers, Wellstar account numbers and lab information. Wellstar added that social security numbers and financial information were not included in the information that may have been accessed during the data breach. The incident does not affect all individuals who have received testing from Wellstar.
"Wellstar has no evidence to suggest that any data is misused or otherwise in the possession of someone it should not be. However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts," Wellstar said.
Letters have been sent out to inform those who may have been affected by the data breach. Individuals who have been notified should also continue to monitor insurance statements for any transactions related to care or services that they did not receive.
"Since the date of this incident, Wellstar has taken measures to improve its technical safeguards in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards on its email system and providing additional training to employees to increase awareness of the risks of malicious emails," the health system said.
For more information about Wellstar's data breach incident, call its patient response line at (855) 482-1584. It's available Monday through Friday 9 a.m. to 6:30 p.m. ET (8 a.m. to 5:30 p.m. CT).