[BreachExchange] UC Health patient information was potentially compromised in email phishing incident

[Destry Winant]

https://www.cincinnati.com/story/news/2019/09/05/uc-health-reports-patient-info-could-involved-email-phishing-incident/2214104001/

A recent email phishing incident may have compromised patient
information at UC Health, according to an announcement released
Wednesday.

An investigation is underway, according to UC Health's release. The
health system said it has hired a leading computer forensic firm to
assist in the investigation.

The incident can be dated back to July 6 when the health system
learned of a phishing attack that led to unauthorized access to UC
Health employee email accounts, the release states. A limited number
of email accounts were accessed between July 6 and July 12.

SUPPORT JOURNALISM: Subscribe today to get access to all of our coverage

Investigators are not sure if the unauthorized person actually viewed
any emails or attachments in the accounts, according to the release.
Officials do expect that some patients' names, dates of birth, medical
record numbers and clinical information were contained in the
accounts, although they are still working to determine which patients
are affected.

Patients involved will be notified in the coming weeks, UC Health
stated in the release. The health system emphasized that they are
still unsure if any patient information has been misused.

Patients with questions are encouraged to call 833-496-0187. Further,
UC Health recommends that patients review their healthcare statements
and if they see any mention of services they did not receive, they
should call their healthcare provider immediately.

UC Health has responded to the incident by enhancing its email
security, the release states. The health system is also reinforcing
employee education on how to identify and avoid malicious emails.