UC Health Phishing Attack Affects Multiple Email Accounts

University of Cincinnati Health (UC Health) is looking into a security breach that saw the email accounts of multiple employees accessed by an unauthorized person

The attack took place between July 6 and July 12, 2019 and involved ‘a limited number’ of employee email accounts. A review of the compromised email accounts revealed they included patients’ names, birth dates, medical record numbers, and some clinical data.

A deep dive analysis of UC Health email system was unable to establish whether the hackers opened or copied any emails or email files.  UC Health is making efforts to determine exactly which patients have been affected and notification letters will be shared “in the coming weeks.” UC Health announced the breach on its website on September 4, 2019.

UC Health will be bolserting  email security and re-training employees to help them spot phishing and other malicious emails.

The incident has not yet been published on the HHS’ Office for Civil Rights website, so it is unknown how many patients have been impacted.

Conway Regional Medical Center in Conway, AR has found out that patient information has been compromised in one of the latest phishing attacks. The breach was detected when suspicious activity was seen in employee email accounts. The investigation showed that the accounts had been subjected to unauthorized access due to employees answering phishing emails.

The emails included names, addresses, health insurance details, Social Security numbers, and a small portion of medical information. No evidence was found to imply that patient information was stolen or improperly used. The medical center is looking into its security policies and procedures, which will be edited to reduce the risk of further data breaches.

The breach report officially filed to the Department of Health and Human Services’ Office for Civil Rights shows 37,000 patients were impacted during the incident.

Author: Maria Perez