Hacker accessed medical info at UMass Memorial Health

A cyber attack hit the UMass Memorial Health, threat actors had access to employee email system, potentially exposing patients info.

Threat actors hacked into the employee email system of the UMass Memorial Health healthcare system, potentially accessing the personal information of thousands of patients.

The security breach took place between June 2020 and January and impacted more than 209,048 individuals. Potentially exposed data include social security numbers, insurance information and medical information.

“Thousands of patients at UMass Memorial Health have been notified of a data breach involving the health system’s email system.” reads a post published by The Telegram & Gazette.

“Some of the emails accessed by hackers included patient information, such as Social Security numbers and medical-related data. The breach affected more than 209,048 individuals, according to the U.S. Department of Health and Human Services, which documents such incidents.”

The healthcare system already notified impacted patients.

“Our investigation to determine the nature and scope of the incident determined on January 27, 2021, that a limited number of UMass employees’ email accounts may have been accessed by an unauthorized person,” reads the notice sent to the patients. “On August 25, 2021, we completed the process of identifying individuals with information contained in the accounts. For patients, the information involved included names, dates of birth, medical record numbers, health insurance information, and clinical or treatment information, such as dates of service, provider names, diagnoses, procedure information, and/or prescription information. For health plan participants, the information involved included names, subscriber ID numbers, and benefits election information. For some individuals, a Social Security number and/or driver’s license number was also involved.”

At this time, the healthcare system was not able to determine how much of the personal information may have been infiltrated. The organization will provide free credit monitoring and data protection assistance to the impacted individuals.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, UMass Memorial Health)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.