Hackers use worker survey as pretext for attack at UAB Medicine

UAB Medicine is notifying 19,557 patients that their protected health information was exposed as the result of a recent email hack.

Investigators for the Birmington, Ala.-based organization say that the information could have been viewed by hackers seeking to access employee email accounts and the payroll system, which have increasingly become targets of such attacks.

In this case, the hackers sent an email created to look like an authentic request from an executive asking employees to complete a business survey. Hackers were successful in accessing information despite education and training of employees about this type of phishing attack, the organization told patients in a notification letter.

UAB Medicine Highlands-CROP.jpg

UAB Medicine’s electronic health records and billing systems were not at risk. The organization’s investigation found that emails had been breached in the attack, which occurred on August 7. The organization also engaged cybersecurity firm Kroll to further determine specifics of the attack.

UAB Medicine and Kroll found that the hackers were attempting to divert employee’s automatic payroll deposits to an account controlled by the hackers; UAB Medicine successfully prevented all attempts by the hackers to redirect the payroll, although limited amounts of protected information could have been viewed by the attackers.

In all, about 10 different types of protected information were at risk, which included Social Security numbers for a smaller subset of affected patients. The organization is offering all affected patients one year of free credit monitoring and reporting services.

“UAB takes the protection of our patients’ health information very seriously and sincerely regrets this potential intrusion on your privacy,” patients were told. “The additional security of multifactor authentication also has been implemented for all employee emails. UAB Medicine is committed to protecting patients’ health information and will continue to take steps to prevent this type of attack from happening again.”

For reprint and licensing requests for this article, click here.