The University of North Carolina Chapel Hill School of Medicine began notifying 3,716 patients Nov. 12 that their information may have been exposed in a phishing attack.
After an extensive review done by an independent forensic firm, UNC school of medicine officials learned that between May 17, 2018, and June 18, 2018, an unauthorized user had access to a limited number of employee email accounts.
Patient data that may have been exposed included names, dates of birth, demographic information, health insurance information, Social Security numbers, financial account information and credit card information. UNC school of medicine's patient care systems and EHR were not affected.
UNC Chapel Hill School of Medicine is offering patients who had their Social Security numbers affected free credit monitoring and identity protection services. Officials recommend patients review any statements they receive from their healthcare providers and insurers.
"To help prevent something like this from happening again, UNC School of Medicine has implemented multi-factor authentication to increase the security of its email accounts and has enhanced employee training on phishing recognition and awareness," the university said in a statement.