A third-party computer forensics company was retained to investigate the attack and search for protected health information in emails and email attachments in the compromised accounts.
- Conversations with the Golf God?
- Essays in Humanitarian Action;
- What is a phishing attack!
While it was not possible to determine who was responsible for the attack nor whether emails and email attachments in the compromised accounts had been viewed by the attacker s , PHI access could not be ruled out. UConn Health explained in its substitute breach notice that no reports have been received to indicate any patient information has been misused.
The majority of individuals affected by the attack were patients.
Some employees have also had personal information exposed. Information contained in the compromised email accounts was limited to names, addresses, dates of birth, and some clinical information, such as appointment dates and billing information. Approximately 1, Social Security numbers were also potentially compromised.mta-sts.mail.victoriasclub.co.uk/gumu-mejor-precio-hidroxicloroquina.php
Hospitals' Vulnerability to Phishing Emails Exposed
All patients whose PHI was potentially accessed by the attackers have been notified by mail. Complimentary identity theft protection services have been offered to patients whose Social Security number was exposed.
UConn Health is reviewing its technical controls to prevent phishing attacks and is currently evaluating additional security training platforms to better educate staff on phishing and other cybersecurity threats. The Ullico Inc.
As is often the case in healthcare phishing attacks, the phishing email was realistic and appeared to be a genuine request from a business partner. The email contained a hyperlink which asked for login credentials to be entered when clicked. The employee entered the credentials, which were harvested by the attacker and used to remotely access the account.
- Kentucky Government, Politics, and Public Policy?
- You are here!
- PHI of , Patients Exposed UConn Health Phishing Attack - Compliance Junction!
- Prevent Phishing Attacks.
- A Stones Throw (The Gryphonpike Chronicles Book 3).
ULLI had systems in place which alerted the information technology department to the unauthorized access. The IT department blocked third-party access to the account within 90 minutes of the account being compromised on April 1, and disconnected the device from the network. The prompt action greatly limited the potential for the accessing or theft of protected health information contained in emails and email attachments.
ULLI conducted a forensic analysis and determined that access was limited to a single email account on one device.