By HFT Staff

SouthCoast Medical Group, LLC (SouthCoast Health) and Privia Medical Group of Georgia, LLC (Privia) are providing notice of an incident that may impact the privacy of certain individuals’ information. This incident only occurred within SouthCoast Health’s network. Privia’s network was not affected by this incident. 

On June 18, 2023, SouthCoast Health became aware of unauthorized activity within their network. In response, they promptly took steps to secure their systems and investigate the nature and scope of the event with assistance from third-party forensic specialists. The investigation determined that between June 15 and June 18, 2023, an unauthorized actor gained access to their network and viewed or copied certain files stored on certain systems. They identified the involved files and undertook a comprehensive and time-consuming review to identify sensitive information, the individuals to whom it relates, and address information to be used for notifying impacted individuals. This review was recently completed. 

While SouthCoast Health has no indication of identity theft or fraud in relation to this incident, their review determined that the following types of information were present in the affected files: name, Social Security number, passport number, driver’s license number, vehicle license plate number, state identification number, military identification number, student identification number, taxpayer identification number, date of birth, copy of birth certificate, copy of marriage certificate, mother’s maiden name, medical information, health insurance information, email/username and password or security questions and answers, financial account information, payment card information, and electronic/digital signature. The specific type of information at issue varies for everyone. SouthCoast Health’s electronic medical record (EMR) systems were not impacted by this event. 

SouthCoast Health is mailing a notice letter to individuals whose information was determined to be in the affected files. Upon becoming aware of this incident, they immediately took steps to secure their systems and conducted a full investigation. They have implemented additional security measures to further protect against similar incidents moving forward.