Email Accounts Compromised at UW Health and Medical Home Network
Email accounts have been compromised at the University of Wisconsin Hospitals and Clinics Authority and the Medical Home Network in Illinois.
University of Wisconsin Hospitals and Clinics Authority Email Account Breach
The University of Wisconsin Hospitals and Clinics Authority (UW Health) recently provided an update on a security incident that was detected in late 2023. Suspicious activity was detected in an employee’s email account and the password was immediately changed to prevent further unauthorized access. A third-party cybersecurity firm was engaged to investigate the breach and it was determined on January 5, 2024, that the email account had been accessed by an unauthorized individual at various times between Sep. 20, 2023, and Dec. 5, 2023. Some of the emails in the account were viewed, and data may have been stolen.
The account was reviewed to determine the individuals affected and the types of information that had been exposed. The review was completed on February 9, 2024, and confirmed that the account contained names, dates of birth, medical record numbers, and clinical information, such as dates of service, provider names, and diagnoses. The emails did not contain any Social Security numbers, health insurance ID numbers, or financial information. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 85,902 individuals.
The affected individuals have now been notified and while UW Health has not found any evidence of misuse of patient data, patients have been advised to exercise caution regarding any emails they receive that claim to be from UW Health or other healthcare providers, and to monitor their billing statements and to report any charges for services that have not been received. UW Health also said users of the UW Health MyChart portal have been targeted in the past with scams through the use of fraudulent websites and has urged all patients to be vigilant when callers or emails request personal information. Scammers may claim to be UW Health employees when contacting people by phone, may send phishing emails using stolen UW Health logos, or may send phishing text messages requesting login credentials or linking to malicious URLs.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Medical Home Network Email Environment Compromised
MHNU Corporation, which does business as Medical Home Network (MHN) in Illinois, has recently notified 681 individuals about the exposure of some of their protected health information. Suspicious activity was identified in MHN’s email environment on or around October 11, 2023. After securing its email accounts, independent cybersecurity experts were engaged to investigate and determine the cause of the activity. The forensic investigation confirmed that an unauthorized actor gained access to the email accounts of two employees between October 4, 2023, and October 12, 2023, and emails and attached files may have been viewed or acquired.
On April 12, 2024, MHN learned that the protected health information of current and former members of CountyCare, Wellness West, and NeueHealth were stored in the compromised accounts. Those companies were notified about the incident on February 16, 2024, and MHN coordinated with the companies to effectuate notification to the affected individuals. MHN said the breached information included first and last names, patient IDs, phone numbers, dates of birth, and medical information; however, no evidence of misuse of that information had been identified at the time of issuing notifications. MHN said it takes privacy and security seriously and has taken steps to prevent similar incidents in the future.
