Data Security Incident

UC Health today announced that it is notifying 1,064 patients regarding a privacy incident involving some of their personal information.

The health system learned on Sept.16, 2015, that on nine occasions dating back to August 2014, emails containing protected health information that were intended to be sent internally within UC Health were inadvertently sent to an incorrect email address at a domain similar to UC Health’s authorized domain. The mistake was made when two letters were transposed in the email address domain name.

UC Health blocked any further UC Health-originated emails from going to the unauthorized domain, and is working with a forensic investigative firm to assist with the ongoing investigation.

The protected health information contained in the emails sent to the incorrect domain included, but was not limited to, patient names, birth dates, medical record numbers, dates of service, physician names, and diagnosis information.

We have no knowledge that the information in the emails was used or mis-used in any way, but we have sent letters to the affected patients. UC Health officials are recommending that those affected regularly review their credit card, bank, or other financial statement for any unauthorized activity, obtain a credit report from one of the three nationwide credit reporting agencies, and place a fraud alert on their credit account.

A special call center has been set up to assist affected patients who are receiving personal letters at their home addresses. Persons who desire more information or who have questions should contact 1-855-907-3146 Monday through Friday, 8 a.m. to 8 p.m. EST.

UC Health takes very seriously our role of safeguarding the personal information of our patients and using it in an appropriate manner and we apologize for any concern or inconvenience this situation may cause.

 

 

 

 

 

This entry was posted in Press Releases. Bookmark the permalink. Both comments and trackbacks are currently closed.