UC Health Fell Victim to Phishing Attack Compromising Patient Information

• The compromised email accounts contained patient information such as names, dates of birth, medical record numbers, and clinical information.
• Upon discovery, UC Health immediately took the necessary steps to secure the compromised email accounts.

What is the issue?

UC Health in Cincinnati suffered a data breach compromising patient information after some of its employees fell victim to a phishing attack.

What happened?

UC Health became aware of the phishing attack on July 6, 2019. Upon which, the healthcare provider immediately launched an investigation and determined that unauthorized third-parties gained access to a limited number of employee email accounts between July 6, 2019, and July 12, 2019.

What information was exposed?

• The compromised email accounts contained patient information such as names, dates of birth, medical record numbers, and clinical information.
• However, there is no evidence to believe that any patient information has been misused.

What actions are being taken?

• Upon discovery, UC Health immediately took the necessary steps to secure the compromised email accounts.
• The healthcare organization has hired a leading computer forensic firm to investigate the incident.
• It is also in the process of reviewing the emails and attachments in the accounts to identify whose information may have been compromised.
• UC Health is improving its email security and educating its employees on how to identify and avoid malicious emails, in order to prevent such incidents from happening in the future.

“UC Health takes the privacy and confidentiality of its patients’ information very seriously, and deeply regrets any inconvenience or concern this incident may cause its patients,” UC Health said in a security notice.