The Farmington, Conn.-based University of Connecticut Health is acknowledging a data breach in which officials say an unauthorized third party illegally accessed employee email accounts.
On Dec. 24, 2018, officials from the academic medical center said they determined that the breached accounts contained some personal information, including some individuals’ names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals.
Upon learning about the incident, UConn Health officials said they secured the impacted accounts to prevent further unauthorized access.
A local report from WFSB in Connecticut said that about 326,000 people were potentially impacted, and for about 1,500 patients, Social Security numbers were breached. For these individuals, UConn Health is offering free identity theft protection services.
“At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident, and do not know if any personal information was ever viewed or acquired by the unauthorized party. Nevertheless, because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts. The incident had no impact on our computer networks or electronic medical record [EMR] systems, according to a privacy notice from the patient care organization.
Phishing attacks continue to be a serious problem in the healthcare industry, yet research still finds that the healthcare industry continues to trail behind many other industries in its phishing resiliency.