The University of Connecticut Health Center recently suffered a breach that potentially compromised personal data of around 326,000 individuals. In an official statement, the health center stated that unknown intruders accessed the email accounts of several UConn Health employees on December 24, 2018, affecting 326,000 patients’ information.
UConn Health provides health services to the citizens of Connecticut through innovative integration of research, education, and clinical care. The Connecticut-based academic medical center stated the breached data includes, names, dates of birth, addresses, social security numbers, billing and appointment information, and other medical information.
The health center stated that it’s enhancing the security of the impacted accounts to prevent further unauthorized access. It also notified the law enforcement and retained a forensic security firm to investigate for any personal information in the impacted email accounts.
“At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident and do not know if any personal information was ever viewed or acquired by the unauthorized party. Nevertheless, because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts. The incident had no impact on our computer networks or electronic medical record systems,” the health center said in a statement.
UConn Health is offering free identity theft protection services to the patients who impacted in the breach. It also suggested the affected individuals monitor their credit reports, account statements, and benefit statements for any suspicious activity.
“We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause. We have taken and will continue to take steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls,” the statement added.
This article appeared originally in CISO MAG here.