NBC Connecticut Investigates has new particulars a couple of cyber-attack that UConn Health mentioned might affect greater than 326,000 individuals.
The well being system started notifying sufferers and launched a public assertion about the incident on February 21, 2019.
It mentioned partly, “UConn Health recently learned that an unauthorized third party illegally accessed a limited number of employee email accounts… On December 24, 2018, we determined that the accounts contained some personal information, including some individuals’ names, dates of birth, addresses and limited medical information, such as billing and appointment information. The accounts also contained the Social Security numbers of some individuals.”
In response to an NBC Connecticut inquiry, a spokesperson for UConn Health confirmed the breach occurred in August 2018.
The spokesperson mentioned UConn Health instantly employed a forensic safety agency to research. According to the spokesperson, the course of concerned manually reviewing greater than 285,000 emails and attachments, figuring out which data was compromised for every particular person affected, reviewing affected person data and contacting every particular person individually.
West Hartford resident Bill Scaringe and his spouse each acquired letters from UConn Health notifying them of the breach. The letters state the Scaringes’ Social Security Numbers weren’t compromised.
Scaringe mentioned he’s troubled that he discovered about the breach six months after it occurred.
“They have a duty to protect this information and in my opinion they did not do that,” Scaringe mentioned.
UConn Health suggested sufferers to watch their credit score studies for suspicious exercise. It can be providing free credit score monitoring and ID theft safety to these whose Social Security numbers had been uncovered.
George W. Kudelchuk III, enterprise options govt at Kelser Corporation in Glastonbury, mentioned UConn Health put the applicable measures in place after studying of the breach.
Kudelchuk will not be concerned in the UConn Health investigation, however mentioned the sheer quantity of private data stored by healthcare suppliers makes them prime targets.
“At the end of the day, no business is impenetrable,” he mentioned.
Kudelchuk advises companies to implement a number of layers of safety. And he says it begins with employees coaching.
“The biggest threat to a business unfortunately are the employees. Inadvertently clicking on something on their lunch break or just not being aware or educated on what the threats are,” he mentioned.
That was apparently the case at UConn Health, which confirms the hackers used a phishing assault to use the e-mail system.
Kudelchuk mentioned leaving passwords out in the open is one other frequent mistake he sees. He mentioned people and companies alike can defend themselves by sticking to some fundamental safety guidelines.
“Making sure you’re starting off with secure passwords, you’re going to secure websites. You’re not sharing any of your information, you’re not recycling passwords,” he mentioned.
UConn Health declined an on digital camera interview for this story. A spokesperson advised us, “We take seriously the privacy and security of our patients’ personal information and are taking steps to ensure something like this doesn’t happen again.”
Get more stuff like this
Subscribe to our mailing list and get interesting stuff and updates to your email inbox.
Thank you for subscribing.
Something went wrong.