Georgia Urology Data Breach Affects 12,398 Patients: PHI Exposed

On March 27, 2025, Georgia Urology disclosed a data breach affecting 12,398 individuals. The breach involved unauthorized access to two employee email accounts, which may have exposed sensitive personal and protected health information (PHI).

Georgia Urology first discovered unusual activity associated with these two employee email accounts on or around October 25, 2024. Upon discovery, the company immediately took steps to address the issue and engaged an external Cyber Incident Response Team to conduct a comprehensive investigation. The investigation revealed that certain emails and attachments within these compromised accounts may have been accessed or acquired without authorization.

A thorough review was conducted to identify the nature of the information involved, the individuals affected, and their contact details. This detailed review was completed on March 5, 2025.

The information potentially exposed in this data breach includes personally identifiable information (PII) such as names, addresses, Social Security numbers, driver's license numbers, and dates of birth. Additionally, protected health information (PHI) such as treatment or diagnosis information, medical history information, COVID vaccination information, and health insurance information may have also been compromised.

At this time, there is no evidence indicating misuse or attempted misuse of any of the exposed information. However, due to the sensitive nature of the data involved, affected individuals should remain vigilant and take proactive steps to protect their personal and medical information.

Georgia Urology's response

In response to this data breach, Georgia Urology has taken several steps to mitigate the impact and prevent similar incidents in the future. The company engaged cybersecurity experts to investigate the incident thoroughly, identify the scope of the breach, and secure their systems.

Georgia Urology has also provided written notifications to all potentially affected individuals, detailing the incident and providing guidance on steps they can take to protect themselves.

Additionally, the company has established a toll-free call center to answer questions and address concerns related to the breach. Affected individuals can reach this call center at 1-833-998-7776, Monday through Friday, between 8:00 a.m. and 8:00 p.m. Eastern Time.

Georgia Urology recommends that affected individuals take the following steps to protect themselves:

• Monitor financial accounts and immediately report any suspicious activity or unauthorized transactions.
• Obtain a free credit report from each of the three nationwide credit reporting agencies by visiting Annual Credit Report or calling 1-877-322-8228.
• Consider placing a fraud alert or security freeze on credit reports through the three nationwide credit reporting agencies (Equifax, Experian, and TransUnion).
• Review additional resources provided by the Federal Trade Commission at FTC Identity Theft.

The full notice provided by Georgia Urology can be viewed on the company's website at Georgia Urology's Notice of Security Incident. The breach disclosure is also available on the U.S. Department of Health and Human Services' website at HHS Breach Portal.