DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UConn Health: 326,000 could be impacted by recent phishing attack

Posted on February 22, 2019 by Dissent

Matt Pilon reports:

UConn Health on Friday disclosed that an unauthorized third party had accessed employee email accounts, potentially breaching the privacy of 326,000 patients and others.

Of that number, 1,500 could have had their social security numbers exposed, UConn Health said. For others, potentially acquired details include names, dates of birth, addresses, and billing and appointment information, according to a forensic investigator’s findings just before Christmas. Most of those that could be affected are patients, while a small portion are UConn employees, the state-led, Farmington-based health system, anchored by John Dempsey Hospital, said.

Read more on Hartford Business.

The following  statement appears on UConn Health’s  site:

Notice of Data Security Incident

UConn Health recently learned that an unauthorized third party illegally accessed a limited number of employee email accounts. Upon learning of the incident, we immediately took action, including securing the impacted accounts to prevent further unauthorized access and confirming the security of our email system. We also notified law enforcement and retained a leading forensic security firm to investigate and conduct a comprehensive search for any personal information in the impacted email accounts.

On December 24, 2018, we determined that the accounts contained some personal information, including some individuals’ names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals.

At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident, and do not know if any personal information was ever viewed or acquired by the unauthorized party. Nevertheless, because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts. The incident had no impact on our computer networks or electronic medical record systems.

We have mailed notification letters to potentially impacted individuals for whom we have a valid mailing address. That notice includes information on steps individuals can take to protect themselves against potential fraud or identity theft. In addition, we are offering free identity theft protection services to individuals whose Social Security numbers may be impacted. As a general matter, we recommend that individuals regularly monitor credit reports, account statements and benefit statements. If individuals detect any suspicious activity, they should notify the entity with which the account is maintained, and promptly report the suspicious activity to appropriate law enforcement authorities, including the police and their state attorney general. In addition, anyone looking for information on fraud prevention can review tips provided by the FTC at www.ftc.gov/idtheft.

We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause. We have taken and will continue to take steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls.

Individuals with questions may call our dedicated toll-free inquiry line at 1-877-734-5353 between 9 a.m. and 9 p.m. Eastern Time, Monday through Friday.


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • North Country Healthcare responds to Stormous's claims of a breach
  • Texas Enacts Electronic Health Record Data Localization Law
Category: Health DataPhishing

Post navigation

← California CPA firm notifies clients after falling for a tech support scam
VT: Rutland Regional Medical Center notifies patients after employee email accounts hacked →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.