MU Health Care reports PHI breach due to affiliated students' email accounts

Laura Dyrda (Twitter) -

MU Health Care in Columbia, Mo., is notifying patients of a data breach that occurred in September 2019.

The health system realized on Sept. 21, 2019, that an unauthorized individual gained access to select email accounts of University of Missouri students who were affiliated with MU Health Care. The students created email accounts with a third party unrelated to the health system or university but used the same username and passwords as their university email accounts.

The third party then experienced an accounts breach and the cyberattackers may have used the stolen credentials to access the students' university email accounts. The unauthorized access occurred from Sept. 19 to Sept. 26.

The incident only affected patients who had information contained in the students' email accounts, and the health system said there is no indication that the unauthorized individual viewed or misused patient information. However, the students' email accounts included names, birth dates, medical record numbers, health insurance information and limited clinical information for patients.

MU Health Care has identified all patients who had information breached and has mailed notification letters.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.