A security breach at the University of Cincinnati Health (UC Health) allowed an unauthorized person to access several employees’ email accounts. The breach happened from July 6 to July 12, 2019 and involved a number of email accounts of employees. The investigators of the affected email accounts found patients’ names, healthcare record numbers, certain clinical data and birth dates in them.
After the forensic analysis of UC Health email system, there was no findings of the certainty that the attackers opened or duplicated email messages or file attachments. UC Health is trying to find out specifically which patients were affected by the breach and will send them notification letters soon. UC Health published information about the breach on its web page on September 4, 2019.
UC Health needs to improve its email security and re-train employees on identifying phishing emails and other malicious threats.
The HHS’ Office for Civil Rights has not published the incident yet on its breach portal. So, the number of affected patients is still unknown.
Phishing Attack on Conway Regional Medical Center
A recent phishing attack on Conway Regional Medical Center in Conway, AR resulted in the compromise of patient information. The breach was discovered because of the suspicious activity found happening in employee email accounts. The investigators confirmed that unauthorized access of the accounts became possible because the employees responded to phishing emails.
The following information was found in the email accounts: names, addresses, medical insurance data, Social Security numbers, and some medical data. There’s no evidence that indicates the theft or misuse of patient information. At this time, the number of affected patients is still unclear.
The medical center is looking at its security policies and systems and will update as necessary to minimize the risk of another data breach.