Email Breach Affects 10,000 University of Chicago Medical Center Patients
Hackers gained access to the email accounts of University of Chicago Medical Center employees and the data of more than 10,000 patients. An HIPAA email breach at Newton Centre Dental has affected 2,550 patients.
University of Chicago Medical Center, Illinois
University of Chicago Medical Center (UCMC) has completed reviewing the email accounts of a small number of employees who had their accounts accessed by an unauthorized individual earlier this year and has confirmed that the accounts contained the protected health information of 10,332 patients.
UCMC did not state in the notification letters when the breach was detected; however, the forensic investigation confirmed that the accounts were breached between January 4, 2024, and January 30, 2024. Cybersecurity experts were engaged to investigate the incident and confirmed on March 28, 2024, that the compromised accounts contained patient data. The potentially compromised data included names in combination with one or more of the following:
Date of birth, Social Security number, tax identification number, IRS PIN number, passport number, driver’s license/state-issued identification number, military identification number, non-U.S. national identification number, account number, routing number, financial institution name, credit or debit card number and security code or PIN, access information (credentials, security questions/answers, and digital signatures), health information (diagnosis, treatment information, prescriptions, provider names, medical record number/patient identification number, hospital account record number), and health insurance information (Medicare/Medicaid number or health insurance subscriber number).
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
UCMC said it has strengthened security, including enhancing user authentication controls, early alert capabilities, threat monitoring, and detection, and has provided additional training to the workforce on email security. No evidence has been found of any misuse of the affected data; however, as a precaution, the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Newton Centre Dental, Massachusetts
Newton Centre Dental in Holyoke, MA, has recently notified the Maine Attorney General about a security incident involving the data of 2,550 individuals. Suspicious activity was detected in the email account of a Newton Centre Dental employee on June 21, 2023, by its business associate, Affinity Dental Management, which provides administrative services.
The forensic investigation confirmed that the account had been accessed by an unauthorized individual between May 27, 2023, and June 21, 2023. Newton Centre Dental said it conducted a comprehensive and time-intensive review to determine which individuals had been affected, and individual notifications were mailed on March 8, 2024. The review of the emails was completed on April 29, 2024, and additional notifications were mailed on May 24, 2024. The compromised information includes names and Social Security numbers.
Newton Centre Dental said it has implemented additional safeguards to prevent further email breaches in the future and has provided further training to its employees. The affected individuals have been offered credit monitoring services for two years.
