UW Health says patient info compromised in cybersecurity | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

UW Health said Friday that information on some patients was compromised in a cybersecurity incident that began with the hacking of an employee’s email account.

UW Health said it has no indication that any information has been misused, but, as a precaution, it is mailing notification letters to individuals whose information was identified through its review and for whom it has sufficient contact information.

On Jan. 5, UW Health was investigating an “email incident” when it determined an unauthorized person gained access to an employee’s email account, prompting it to change the employee’s password and contact an unidentified cybersecurity firm for assistance.

People are also reading…

The investigation determined that the unauthorized person accessed the email account and a “limited” number of emails at various times between Sept. 20 and Dec. 5.

A review of the emails that concluded on Feb. 9 found that they included one or more of the following items of patients’ information: names, dates of birth, medical record numbers and/or clinical information, such as dates of service, provider names or diagnoses. The emails did not contain the Social Security number, health insurance ID number or financial information of any patients, UW Health said.

This incident affected only those patients whose information was contained in the emails involved, UW Health said, without specifying how many patients were involved.

UW Health has established a toll-free call center, available 8 a.m. to 5:30 p.m. Monday through Friday, at 866-495-2398 to answer questions about the incident.

The notification letters also remind patients that it is always a good idea to carefully review communications they receive from health care providers to see if there are charges for services they did not receive. If there are, they should contact the health care provider immediately.

UW Health said it is increasing its email security and providing additional workforce training on email best practices. Additional information is available here.


Click Here For The Original Source.

National Cyber Security