Telehealth software is common today in the healthcare industry and has facilitated treatments. But, technology also has a flip side.

417,000 personal record of patients might be breached due to targeted phishing attacks on Georgia-based Augusta University Health after two cyber attacks that happened nearly a year ago.

According to a notice, hackers targeted the university health system with phishing emails in September 2017 and other cyber attacks hit the health system in July 2018, September 2016 and April 2017. The hackers solicited usernames and passwords, giving them access to a number of internal email accounts. After this matter was unearthed, officials disabled the impacted email accounts.

The notice didn’t explain why was the discovery made nor why did the notice come after almost a year after the cyberattacks. The breach data had demographic information, treatment information, medical data, surgical details, medications, diagnoses, dates of service and/ or insurance information. This type of data is used for medical fraud by hackers. Some patients’ Social Security and driver’s license numbers were also included.

Officials mentioned that their investigation is almost complete. Notifications will be sent to impacted patients in the coming weeks and one year of free credit monitoring will be included.