25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

UPMC Health Plan Data Breach Affects 722 Subscribers

Posted By on Jul 15, 2015

UPMC health plan has reported a data breach affected 722 insurance subscribers. This is the second data breach to affect the health plan this year. In May UPMC reported  2,000 patient records had been compromised.

The latest data breach appears to have resulted from an internal error. Yesterday, UPMC spokeswoman, Gina Pferdehirt, said patient information was compromised when an email containing PHI was sent to an unauthorized person.

The statement released by UPMC says the email was sent by accident, suggesting there was no malicious intent behind the data breach. According to UPMC, “The email meant for a physician’s office in Lawrence County was sent instead to an incorrect address, revealing patient names, insurance membership numbers, birth dates and phone numbers.”

According to a response provided to the Pittsburgh Post Gazette, Pferdehirt said, “while we take this seriously, in context the breach is very minor.”

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The email did not contain financial information, health data or Social Security numbers, although member names, dates of birth, ID numbers and phone numbers were compromised.

Pferdehirt did not say when UPMC discovered the breach; however the incident occurred on June 4, 2014, and the data breach was reported to federal authorities on July 2, after an internal investigation had been conducted. This suggests the data breach was rapidly identified by UPMC’s IT department.

Pferdehirt said “We are contacting the members, and we really are sorry about this.” Affected patients will be provided with further information by mail, including how to reduce the risk of identity theft in the event that the information is used.

The recent data breaches affecting UPMC highlight the difficulty organizations can have keeping PHI secure. Accidental disclosures of PHI can all too easily occur, even with staff training, and it is difficult to totally eliminate the risk of a Business Associate causing a data breach. The May breach also affected 39 other companies. UPMC was also targeted by hackers last year, who managed to steal 62,000 patient records.

Security has been improved in the wake of the past breaches, and UPMC will continue to improve defenses to prevent similar attacks from taking place in the future.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist