Email account hack at UMC Physicians puts data of 18,000 at risk
UMC Physicians, part of the UMC Health System in Lubbock, Texas, is notifying 18,000 patients after the hacking of an employee’s email account.
The organization’s information technology department discovered the attack on May 18 and notified local law enforcement and the FBI.
After the hack was discovered, security protections were strengthened to reduce the potential for future incidents. Presently, there is no evidence of actual or attempted misuse of personal information, according to a notice from UMC Physicians.
The health system serves residents in western Texas and eastern New Mexico.
Compromised information includes patient names, addresses, phone numbers, medical record numbers, diagnoses, dates of birth, dates of service, health insurance information and Social Security numbers. Affected individuals have been offered one year of credit monitoring and identity restoration services from an undisclosed data security vendor.
As has become common following suggestions from the HHS Office for Civil Rights, the organization apologized to patients.
“UMC and UMCP understand this incident may create worry and inconvenience for patients, and the health system sincerely apologizes and regrets that this incident has occurred,” patients were told.
The organization noted changes in security and its concern for protecting patient information. “UMC Health System maintains high standards for security and the protection of personal information we hold. To that end, UMC recently became the second hospital in Texas to receive a certificate from the Health Information Trust Alliance. By achieving this designation, UMC is recognized as a healthcare leader, demonstrating our commitment to protect the privacy of our patients’ information.”
At UMC, the information technology department is continuously reminding colleagues of the need to be aware when opening email, a spokesperson tells Health Data Management.
Younger associates in general are more careful about what they are clicking on and better recognize tell-tale signs such as misspellings in the email message box that could indicate malware, and they more likely notify the IT department while older associates may miss the danger signs.