Pittsburgh-based UPMC has been working with law enforcement agencies and regulators to respond to third-party data breaches, Pittsburgh Post-Gazette reported Aug. 21.
In June, the health system notified 25,000 patients that some of their healthcare information had been disclosed in a breach of billing and collection services company, Intellihartx. An analysis by the Post-Gazette found that Pittsburgh-based Highmark and UPMC have dealt with 19 combined data breaches in the last decade.
In January, UPMC and Highmark joined the Health 3rd Party Trust Initiative and Council, an organization dedicated to improving cybersecurity risk associated with third-party vendors.
"When we or our vendors have been affected by data incidents, UPMC has worked quickly with law enforcement to investigate and with regulators to notify patients so that they can take the proper precautions to protect themselves," UPMC Chief Technology Officer Chris Carmody, told the Post-Gazette. "In some instances, that has involved free credit monitoring services provided by UPMC or our vendors."