Farmington-based University of Connecticut Health sent letters to up to 326,000 patients notifying them of a recent data security incident.
A third party illegally gain access to several employee email accounts. As many as 326,000 patients were potentially affected by the attack, according to local news station WFSB.
UConn Health discovered the email accounts were attacked on Dec. 24, 2018. The email accounts contained names, dates of birth, addresses and limited medical information, such as billing and appointment information. Of the patients affected, 1,500 also have their Social Security number at risk.
The security incident had no impact on computer networks or EHRs. The health system is unaware of any fraud or identity theft as a result of the data breach. However, UConn Health is offering identity theft protection to patients whose Social Security numbers may have been affected.
UConn Health has notified local law enforcement and contacted a forensic security firm to investigate the incident and conduct a comprehensive search for any personal information in the affected email accounts.
"We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might have," the notice stated. "We have taken and will continue to take steps to health prevent something like this from happening again, including evaluating additional platforms and educating staff and reviewing technical controls."