- The incident occurred after hackers gained unauthorized access to a limited number of employee email accounts.
- The data compromised in the breach includes some individuals’ names, dates of birth, and addresses.
UConn Health is notifying about 326,000 people about a potential data breach that occurred last year. The incident occurred after hackers gained unauthorized access to a limited number of employee email accounts.
What happened - In its breach notification, the healthcare firm disclosed that it came to know about the breach on December 24, 2018. Upon discovery, it was quick to take security measures to prevent the impacted accounts from leaking data in the future.
What data was compromised - The data compromised in the breach includes some individuals’ names, dates of birth, addresses, and limited medical information such as billing and appointment information. Around 1,500 people had Social Security number compromised in the breach.
It’s not known if the hackers have misused the stolen information for any nefarious activity such as fraud or identity theft.
“At this point, we are not aware of any fraud or identity theft to any individual as a result of this incident, and do not know if any personal information was ever viewed or acquired by the unauthorized party. Nevertheless, because we cannot isolate exactly what, if any, information may have been accessed, we notified individuals whose information was in the impacted accounts,” the firm said in its notification.
What actions have been taken - Following the discovery of the breach, UConn Health took some crucial steps as a part of its security measures. This includes:
- Enhancing the security of its email system.
- Notifying all the impacted people about the breach. The notice includes guidelines on how to identify potential fraud or identity theft.
- Providing one-year free identity theft protection services to individuals whose social security numbers may be impacted.
- Urging its customers to regularly monitor their credit card reports, account statements, and benefit statements to detect any suspicious activity.
UConn Health claims that none of its computer networks or electrical medical record systems were affected in the breach.