Sensitive data accessed after employee email accounts hacked

A security incident at US medical center UConn Health may have exposed the sensitive details of more than 326,000 patients.

In a statement posted online, UConn Health revealed that an unauthorized third party breached its systems after gaining access to employee email accounts on December 24, 2018.

Potentially compromised data includes patients’ names, dates of birth, addresses, and billing details.

An entry on the US Department of Health and Human Services’ Breach Portal indicates that 326,629 individuals are being notified of the incident.

UConn Health, which is based within the University of Connecticut, is also reportedly offering free identity theft protection services to around 1,500 patients whose Social Security numbers may have been compromised.

It still isn’t clear how the unknown party gained access to the email accounts.

A statement read: “At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident, and do not know if any personal information was ever viewed or acquired by the unauthorized party.

“Nevertheless, because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts.

“The incident had no impact on our computer networks or electronic medical record systems.”

Those impacted have been notified via letter, and have been advised on how to protect their identity following the breach, UConn Health said.

A helpline for patients – 1-877-734-5353 – is open between 9am and 9pm ET, Monday through Friday.

RELATED US healthcare data breach settlements topped $28m in 2018