The hackers could have had access to data affecting more than 7,000 individuals and companies who do business with the authority, according to a post on JIA's website offering an update on the attack.
JIA sent notices to people with whom the authority believes may have had protected health information affected. As a precaution, JIA will provide potentially affected individuals the option of free credit monitoring through NortonLifeLock.
"While there is currently no evidence that your personal information has been misused, we want to provide you with information about the incident, our response and steps you may take to better protect against possible misuse of your personal information should you feel it appropriate to do so," the JIA wrote in a notice sent to potentially impacted individuals.
JIA discovered an active ransomware attack on its computer systems on Sept. 11 that may have begun in June. The authority immediately launched an investigation to determine the nature and scope of the attack and included third-party computer experts and law enforcement officials in the effort.
"As part of the ongoing investigation, it was determined this attack was introduced by an unknown third party that had gained unauthorized access to servers on our computer systems," according to the notice.
JIA staff began a review of potentially affected systems to determine whether any personal information was present at the time of the attack.
"This review required an extensive programmatic and manual review of the potentially accessed files," the notice states. "The authority concluded this review and determined that personal information was present in the affected systems. Since that time, the authority has been diligently organizing this information and its records for purposes of notifying potentially affected individuals about this incident."
As of Monday, no information had indicated any actual or attempted misuse of sensitive information.
Information that may have been involved include an individual's name, address, medical records arising out of workers' compensation claims or through a suit involving JIA, diagnosis, disability code or other personal information, as well as any records related to any care, services or supplies an individual received from Jekyll Island Fire/EMS.
Credit card information used to pay parking fees or utility bills remains encrypted and has not been compromised, JIA reported.
No reports of anyone experiencing fraud or theft as a result of the attack have been made.
Anyone with questions is asked to call 1-833-531-1171 or email JIA with their name, contact information and question to breach@jekyllisland.com.
©2020 The Brunswick News, Distributed by Tribune Content Agency, LLC.
