[BreachExchange] UConn Health: 326, 000 could be impacted by recent email breach

Destry Winant destry at riskbasedsecurity.com
Mon Feb 25 01:03:06 EST 2019


http://www.hartfordbusiness.com/article/20190222/news01/190229955/uconn-health-326000-could-be-impacted-by-recent-email-breach

UConn Health on Friday disclosed that an unauthorized third party had
accessed employee email accounts, potentially breaching the privacy of
326,000 patients and others.

Of that number, 1,500 could have had their social security numbers
exposed, UConn Health said. For others, potentially acquired details
include names, dates of birth, addresses, and billing and appointment
information, according to a forensic investigator's findings just
before Christmas. Most of those that could be affected are patients,
while a small portion are UConn employees, the state-led,
Farmington-based health system, anchored by John Dempsey Hospital,
said.

UConn said it can't be certain if the unauthorized party viewed or
acquired any of the private information.

"A malicious actor used a phishing attack to exploit the users of our
email system," spokesman Delker Vardilos said. "We do not know the
identity of the individual or individuals who gained unauthorized
access to our email system."

UConn Health said it has sent letters to potentially impacted
individuals and is also offering free identity theft protection
services to the 1,500 whose social security numbers could have been
exposed.

UConn said it also notified law enforcement, as required under state law.

In 2013, UConn Health notified more than 1,550 patients that two
former employees had accessed patient records inappropriately.

The University of Connecticut Health Center has notified some 1,400
patients of a healthcare data breach after discovering in January that
a former employee had accessed patient records inappropriately.


More information about the BreachExchange mailing list