UPMC hospital experiences data breach affecting 1.2k patients

A data breach led to the inappropriate access of at least 1,200 Williamsport, Pa.-based UPMC Susquehanna patients' information, the hospital said in a statement Friday.

UPMC Privacy Officer David Samar said officials first learned of the breach Sept. 21 after an employee reported suspicious activity to the information technology staff.

Hospital administrators determined the information — names, dates of birth, contact information and Social Security numbers — was accessed through a phishing attack. Mr. Samar said officials cannot confirm if the information has been used for improper purposes.

The hospital has reportedly notified HHS and sent letters notifying affected patients. UPMC Susquehanna has also provided patients with information about how to place fraud alerts on their files with three major credit-reporting agencies and supplied patients with links to additional identity protection resources.

Officials set up a toll-free telephone line for patients to call and share their concerns.

UPMC officials have completed a comprehensive review of the incident and will update current procedures to better secure patient information, according to the notice. Those measures include additional staff education, employment screening and other best practices.

Editor's note: Becker's Hospital Review reached out to UPMC Susquehanna for comment and will update the article as more information becomes available.

More articles on cybersecurity:
Alleged incident at Experian Health exposes at least 700 Cook County Health and Hospitals System patients' information
8 cybersecurity predictions for 2018
7 cybersecurity trends from 2017

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months