18,000 patients potentially affected by hacked email account

The personal information of 18,000 patients at University Medical Center Health System (UMC Physicians) in Texas has potentially been compromised in a hacking attack.

On May 18, 2018 the IT team discovered that an employee’s email account had been hacked on March 15. An investigation was launched to determine the source and impact of the incident.

Potentially affected information is said to include patients’ names, addresses, phone numbers, medical record information, dates of birth, health insurance information, and Social Security numbers.

Those affected have been informed and have been provided with complimentary one-year credit monitoring and identity restoration services.

Appropriate action has been taken to strengthen security efforts and to prevent similar incidents from occurring in the future. There is no evidence at this time to suggest any misuse of the information.

A statement on the UMC Health System website read:

UMC and UMCP understand this incidence [sic] may create worry and inconvenience for patients, and the health system sincerely apologizes and regrets that this incidence [sic] has occurred.

Based on the reports, it is likely that the user of the affected email account fell victim to a phishing attack. With phishing attacks on the increase, particularly in the healthcare sector because of the large volume of personal data that organizations hold, this example highlights the importance of staff training.

The most important line of defense against a phishing attack is the email recipient. If your staff are able to identify and correctly respond to a malicious email, the danger can be mitigated.

Increase phishing awareness

Our Phishing Staff Awareness Course gives your staff an introduction to phishing scams, and helps reduce the chance that an employee will hand over confidential information, or inadvertently infect your organization’s systems. The course helps employees identify phishing attacks, explains what would happen should they fall victim, and shows them how they can mitigate the threat of an attack.

Learn more about phishing >>