Skip to main content

Cyberattack targets Georgia Department of Human Services

October 14, 2020 at 4:00 AM
Someone programming a website in HTML. But also a photo suitable for hackers. ;)

The Georgia Department of Human Services was the latest target of a cyber-attack on Friday, officials said.

According to investigators, the attacks occurred between May 3 and May 15, where hackers gained unauthorized access to certain employee email accounts.

After becoming aware of the attack, immediate actions were taken to lock any compromised accounts and block any malicious actors, officials told CBS46 News.

DHS officials learned that the attackers had been able to retain certain emails that contained personally identifiable information and protected health information of children and adults involved in Child Protective Services (CPS) cases of the DHS Division of Family & Children Services (DFCS) on August 10.

As of September 21, officials were able to examine the emails in question and began identifying the customers whose information had been accessed.

Authorities said the information that was compromised as part of the breach varies by person.

Individuals affected may have had the following types of information disclosed:

  • Full name of children and household members
  • Relationship to the child receiving services
  • County of residence
  • DFCS case number
  • DFCS identification numbers
  • Date of birth, age
  • Number of times contacted by DFCS
  • An identifier of whether face-to-face contact was medically appropriate
  • Phone numbers
  • Email addresses
  • Social security number
  • Medicaid identification number
  • Medicaid medical insurance identification number
  • Medical provider name and appointment dates

In addition, psychological reports, counseling notes, medical diagnoses, or substance abuse information for 12 individuals was included in the breach, authorities told CBS46 News. 

They also said that one individual’s bank account number was disclosed during the attack. 

DHS is working to contact affected clients, while releasing instructions on how to protect themselves from further harm.