Phishing Attack on UMass Memorial Community Healthlink impacted 4,598 Patients

UMass Memorial Community Healthlink, a part of the UMass Memorial Health Care, has reported on June 17, 2019, that it becomes victim of a phishing attack, due to which the hackers have access to the patient information. The UMass Memorial Community Healthlink is a provider of the behavioral health, addiction, as well as homeless services all over the central Massachusetts.

On April 18, 2019, the UMass Memorial Community Healthlink came to know that two employees email accounts were accessed by unauthorized individual, as per a news release. The Community Healthlink said that they immediately secured both the email accounts, and began an investigation.

The breach investigation has revealed that the email accounts were accessed for the first-time on April 18, and so the information in compromised email accounts has been accessible only for a limited period of time on April 18, 2019. No evidence has been found to know if the hackers had viewed or copied sensitive information. However, the hackers did have access to the patients' information including names, health insurance information, client identification numbers, dates of birth, diagnosis as well as treatment information, and in a few instances, the Social Security numbers.

The Community Healthlink has reviewed all the emails in the compromised email accounts in order to identify the patients whose information has been there in email or attachment, and so might be accessible to that unauthorized person.

All the patients who are affected were notified. Behavior health service of UMass Memorial Health Care in Worcester has sent notification letters to the 4,598 patients about the Apr. 18 data breach, as per Worcester Business Journal.

The Community Healthlink is offering complimentary identity protection and credit monitoring services to those patients who have their Social Security number in those compromised email accounts. The UMass Memorial Community Healthlink also recommends the affected patients to review any billing statements or explanation of the benefits statements that they get from their healthcare providers or health insurers to see whether they are being billed for something that they did not receive.

As a result of this breach, rules were strengthened so as to prevent the email accounts from getting accessed from the external domains, passwords were reset, automatic alerts were increased, as well as defenses were strengthened against the email impersonation attacks. Besides, the employees were also been provided training.

» SPAMfighter News - 7/11/2019