An unauthorized party accessed the email accounts of several UConn Health employees last Christmas Eve, in a data breach that reportedly may affect up to roughly 326,000 patients.
In an online disclosure, the Connecticut-based academic medical center revealed that the breached data includes, names, dates of birth, addresses and “limited medical information such as billing and appointment information.” The health care provider said some of the exposed accounts also contained Social Security Numbers; media reports have put the number of these accounts at approximately 1,500.
“At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident and do not know if any personal information was ever viewed or acquired by the unauthorized party,” the online disclosure states. “Nevertheless, because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts. The incident had no impact on our computer networks or electronic medical record systems.”
In response to the Dec. 24, 2018 incident, UConn Health mailed notification letters to potentially impacted individuals, contacted law enforcement and hired a forensic security firm for investigating purposes.