Burlington-based University of Vermont Medical Center began notifying patients July 21 after an employee's email account was breached, compromising patients' protected health information.
On May 24, UVM Medical Center officials discovered an unauthorized individual not affiliated with the hospital gained access to an employee's email account May 22. Hospital officials immediately shut down the email account and launched an investigation. They determined an email in the account contained information from 2,300 patients, which may have included names, dates of birth, addresses, treatment, medications and physicians' names. Social Security numbers or financial information were not included in the email.
There is no evidence any of the patients' information "was ever used in any way," according to a hospital notice. The hospital has established a dedicated call center to address patients' questions.
"To help prevent something like this from happening in the future, we are implementing additional security measures and are reinforcing education with our staff to assure protection of our patients' information," reads the notice.
Becker's reached out to UVM Medical Center, but hospital officials declined to offer additional comment.
More articles on health IT:
AMIA supports draft ONC interoperability framework
HHS OCR revises 'Wall of Shame' breach portal
Women's health group notifies 300k patients following ransomware attack