Public hospital in Georgia says it was hacked last year—intruders were inside its network for days

A county-owned hospital in Georgia revealed last week that it suffered a data breach in May 2025, which resulted in personal information being accessed by hackers. 

Emanuel Medical Center (EMC), a nonprofit facility operated by the Emanuel County Hospital Authority in service of the public, confirmed in a notice that it has begun sending alerts to all those impacted, as required under the Health Insurance Portability and Accountability Act (HIPAA), wherein identity theft protection services and complimentary credit monitoring are being offered. 

According to the hospital, compromised files contained names, dates of birth, Social Security numbers, health insurance information, and driver’s license numbers. Additionally, medical records on some patients were viewed by cybercriminals, which may contain details on care delivery, diagnoses, prescriptions, lab reports and more. 

Precisely what records were viewed varies based on the individual, EMC confirmed. It’s not clear if files were moved offsite, but when accessed by hackers, it’s typically assumed files were stolen.

As for how the nefarious individual(s) gained access, EMC did not provide many details. The nature and full scope of the attack were not revealed, and the total number of victims was not provided on the notice. 

The number will eventually show up on the U.S. Department of Health and Human Services’ (HHS) data breach tracker, once an official tally is submitted to the government.

Subscribe to Health Exec News

Four days inside the network

As for the reason for the delay in notifying victims, EMC said it was due to the lengthy investigation into the incident, which included working with an outside firm to pinpoint which files were impacted during the time intruders spent snooping around inside the hospital network. 

“Once we identified the potentially affected files, we promptly engaged a data-review firm to determine what information was contained in those files,” the hospital wrote. “We recently received the results of that review, and we have been working since that time to compile contact information for notifying impacted individuals.”

EMC said it first detected suspicious activity on May 22, 2025, at which time law enforcement was apprised of the situation. The hospital added that it “immediately took steps to secure” all systems and “began working with cybersecurity experts” to assist with an investigation. 

However, it appears hackers remained inside for a couple of days after detection. EMC said the investigation concluded that an unauthorized third party was inside hospital systems from May 2124, 2025—approximately four days. 

No hacker group has claimed credit for the data breach. It’s unclear if any data trove was taken or put up for sale anywhere on the dark web, or what—if anything—resulted from patient data being stolen. 

In its notice, EMC asked victims to report any incidents of identity theft or fraud to their financial institutions.

Its full letter can be found by clicking here

Chad Van Alstin Health Imaging Health Exec

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Subscribe to Health Exec News

Subscribe to Health Exec News