Doubted UPMC Susquehanna Phishing Attack Discloses 1,200 Patients’ PHI

A system of medical centers and hospitals in Muncy, Wellsboro, and Williamsport in Pennsylvania, known as UPMC Susquehanna has disclosed that the PHI of 1,200 patients has probably been accessed by illegal people. Access to PHI is believed to have been obtained after a worker responded to a phishing electronic mail.

Although information regarding the breach date hasn’t been announced, UPMC Susquehanna states it found the breach on September 21, once an employee informed doubtful activity on his computer. A probe was started which disclosed the access to that individual’s computer by illegal people.

They haven’t yet discovered whether the assailant stole, viewed or abused any patient data, however, the probability of misuse and data access couldn’t be precluded. The news potentially disclosed includes names, Social Security information, dates of birth, and contact information.

The persons probably affected by the occurrence had earlier got treatment at many UPMC Susquehanna hospices including Soldiers and Sailors Memorial Hospital, Sunbury Community Hospital, Muncy Valley Hospital, in Williamsport, Wellsboro, as well as Divine Providence Hospice based in Williamsport.

After the breach, UPMC Susquehanna moved quickly, ending access for illegal operators. Employees have also been undertaking “intensive retraining” on hospice policies and correct federal as well as state law to avoid any further breaches taking place. UPMC Susquehanna stated this training arrangement was beside the yearly training periods already provided to all employees on the confidentiality and privacy of PHI. UPMC Susquehanna has also taken steps to a finish evaluation of its procedures and policies for keeping PHI protected from being leaked.

All persons affected by the breach event have been provided free identity thievery safety services and have now gotten notices through the post. Patients have also been suggested of the measures they can take to increase the safety of their accounts as well as credit if their information is accessed.