Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients.
The security breach took place between June 2020 and January and impacted more than 209,048 individuals. Potentially exposed data include social security numbers, insurance information and medical information.
“Thousands of patients at UMass Memorial Health have been notified of a data breach involving the health system’s email system.” reads a post published by The Telegram & Gazette.
“Some of the emails accessed by hackers included patient information, such as Social Security numbers and medical-related data. The breach affected more than 209,048 individuals, according to the U.S. Department of Health and Human Services, which documents such incidents.”
The healthcare system already notified impacted patients.
“Our investigation to determine the nature and scope of the incident determined on January 27, 2021, that a limited number of UMass employees’ email accounts may have been accessed by an unauthorized person,” reads the notice sent to the patients. “On August 25, 2021, we completed the process of identifying individuals with information contained in the accounts. For patients, the information involved included names, dates of birth, medical record numbers, health insurance information, and clinical or treatment information, such as dates of service, provider names, diagnoses, procedure information, and/or prescription information. For health plan participants, the information involved included names, subscriber ID numbers, and benefits election information. For some individuals, a Social Security number and/or driver’s license number was also involved.”
At this time, the healthcare system was not able to determine how much of the personal information may have been infiltrated. The organization will provide free credit monitoring and data protection assistance to the impacted individuals.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, UMass Memorial Health)
[adrotate banner=”5″]
[adrotate banner=”13″]