UConn Health Data Breach (2018)

UConn Health

medium

VERIS
Disclosed

December 1, 2018

Records

326.0K

Confirmed

Root Cause

Phishing

Industry

Healthcare

Description

UConn Health is warning patients about a data breach that could impact more than 300,000 people. UConn Health released a statement saying it recently learned “that an unauthorized third party illegally accessed a limited number of employee email accounts” and said it has secured the impacted accounts. UConn Health said it learned on Dec. 24 that the accounts contained some personal information, including some individuals’ names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals.

UConn Health has identified around 326,000 people whose personal information was contained in a compromised email account, and the information included Social Security numbers for around 1,500 people. It is not known whether an unauthorized party saw or obtained the information. UConn Health said it is not aware of any instances of fraud or identity theft and said the breach had no impact on UConn Health’s computer networks or electronic medical record systems.

People who might have been affected will receive letters by mail if UConn Health has a valid mailing address for them. UConn Health said it is offering free identity theft protection services to individuals whose Social Security numbers may be impacted.

UConn Health on Friday disclosed that an unauthorized third party had accessed employee email accounts, potentially breaching the privacy of 326,000 patients and others. Of that number, 1,500 could have had their Social Security numbers exposed, UConn Health said. For others, potentially acquired details include names, dates of birth, addresses, and billing and appointment information, according to a forensic investigator’s findings just before Christmas. Most of those who could be affected are patients, while a small portion are UConn employees, the state-led, Farmington-based health system, anchored by John Dempsey Hospital, said.

"A malicious actor used a phishing attack to exploit the users of our email system," spokesman Delker Vardilos said. "We do not know the identity of the individual or individuals who gained unauthorized access to our email system." UConn Health said it has sent letters to potentially impacted individuals and is also offering free identity theft protection services to the 1,500 whose Social Security numbers could have been exposed. UConn said it also notified law enforcement, as required under state law.

In 2013, UConn Health notified more than 1,550 patients that two former employees had accessed patient records inappropriately. The University of Connecticut Health Center has notified some 1,400 patients of a healthcare data breach after discovering in January that a former employee had accessed patient records inappropriately.