Emory Healthcare has been hit with a cyberattack that compromised the records of some 80,000 patients who used an online appointment system.
The Atlanta-based health system's "waits and delays" appointments system was hacked sometime around the turn of the new year, Emory announced earlier this week. After removing the appointments database, the hackers demanded a ransom to restore the site. Emory Healthcare did not say whether it paid the ransom.
The breach affected 79,930 patients of Emory Clinic's Orthopaedics and Spine Center and Brain Health Center. The six-hospital system said the breached database did not include financial information and social security numbers. However, it did expose names, birth dates, contact information, internal medical record numbers and appointment information.
Emory learned about the breach on Jan. 3, and said it is "reviewing and refining" its security measures for internal and third-party computer systems.
Around the same time, Emory Healthcare discovered an unnamed security research center also breached the database. The firm looks for security weaknesses, according to Emory.
Security research center MacKeeper has said in a blog post that it uncovered a poorly configured patient record database that seemed to belong to Emory Brain Health Center.
So far this year, 325,558 patients' data have been breached, according to the U.S. Department of Health and Human Service Office for Civil Rights' Breach Portal, which displays breaches of health data that affect 500 or more people.
Most of the exposed data were from healthcare providers, and Emory's hack is the largest single incident reported in 2017.
The healthcare system sent mailed alerts to the affected patients, who were people who had appointments between March 25, 2015, and January 3, 2017, at the Orthopaedics and Spine Center and between December, 6, 2016, and January 3, 2017, at the Brain Health Center. Emory Healthcare recommends that patients keep an eye on their account statements and credit reports.