Doubted Phishing Attack on UPMC Susquehanna Discloses 1,200 Patients’ PHI

UPMC Susquehanna, a group of medical centers and hospitals in Muncy. Pennsylvania and Williamsport, Wellsboro, has declared that the PHI of 1,200 patients has possibly been retrieved by illegal people. Access to PHI is thought to have been gained when a worker replied to a phishing electronic mail.

Although particulars of the breach date have not been announced, UPMC Susquehanna states it found the breach on September 21, when a worker informed doubtful activity on his computer system. An inquiry was started, which disclosed illegal people had gained access to that person’s appliance.

It’s unknown whether the assailant saw, thieved, or abused any patient information, however, the probability of data access as well as abuse could not be precluded. The information possibly accessed contains names, dates of birth, contact information, as well as Social Security numbers.

The people possibly affected by the event had earlier received cure at different UPMC Susquehanna hospices including Divine Providence Hospital in Williamsport, Williamsport Regional Medical Center, Soldiers and Sailors Memorial Hospital in Wellsboro, Sunbury Community Hospital, UPMC Susquehanna Lock Haven, and Muncy Valley Hospital.

UPMC Susquehanna reacted swiftly to the breach, ending illegal access. Workforce has also been offered “intensive retraining” on hospice plans and applicable state and federal rules to avoid any repetition. UPMC Susquehanna said this teaching was beside the yearly coaching periods already provided to all workforce members on the confidentiality and privacy of PHI. UPMC Susquehanna has also carried out a complete analysis of its procedures and policies for maintaining patient information safe.

All patients affected by the case have been provided free identity thievery defense facilities and have now received notices in the post. Patients have also received directives on the measures they can take to safeguard their accounts as well as credit in case their information is abused.