In July 2019, the health system discovered that an unauthorized third party had gained access to an employee’s email account, which stored patient information. There is no evidence that patient information was removed from the email account.
Patient data that may have been exposed included names, dates of birth, account and/or medical record numbers, provider names, lab results, diagnostic information, prescriptions, procedures and other treatment information. A limited number of Social Security numbers, driver’s license numbers, health insurance information and passport information may have also been affected.
United Regional is recommending patients review any statements they receive from healthcare providers and insurers.
“We sincerely apologize for any inconvenience or concern this incident may cause [patients]. Please know that we continually evaluate and modify our practices to enhance the security and privacy of our patients’ information,” said United Regional in an online statement.
More articles on cybersecurity:
Texas provider alerts 6,500 patients of phishing attack
Connecticut payer alerts 1,100 members of phishing attack
10 tips for hospitals to mitigate ransomware attacks
