UPMC Cole notifies 800 patients about potential data compromise

An estimated 790 patients from UMPC Cole in Coudersport, Pa., may have had their protected health information inappropriately accessed by hackers during two separate email phishing attacks that occurred one week apart in June.

UMPC Cole discovered the attacks — which occurred June 7 and June 14 — after staff informed hospital officials that they had received suspicious emails. The hospital immediately blocked inappropriate access to the affected email accounts.

Although the breach was limited to email accounts, some of these accounts contained patients' names, dates of birth, scheduling information, types of procedures, names of providers and other general treatment information. Importantly, no Social Security numbers were accessed during the phishing attacks.

UPMC Cole mailed notification letters to all of the affected patients, and has set up a dedicated call line to answer any patient questions related to the incident.

"We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected," UPMC Cole President and Senior Executive Ed Pitchford said in a July 16 statement on the organization's website. "UPMC is committed to meeting our patients' privacy expectations. We cannot confirm if any of the information was used for improper purposes, but, out of an abundance of caution, we deemed it appropriate to inform those possibly affected by this breach."

Becker's Hospital Review reached out to UPMC Cole for comment. This story will be updated as more information becomes available.

More articles on cybersecurity:

Healthcare organizations hit hardest by breach costs
Texas physician group notifies 18K of data breach after email hack
Children's Mercy facing class-action lawsuit after data breach

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers