UC Health Discloses Medical Records Incident

UC Health understands the importance of protecting our patients’ information. Regrettably, this notice involves some of that information.

On July 6, 2019, we first learned that an unauthorized person gained access to a limited number of employee email accounts beginning on July 2, 2019 and continuing through July 15, 2019. We immediately secured the accounts, began an investigation, and a leading computer forensic firm was hired to assist. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. We reviewed the emails and attachments in the accounts to identify patients whose information may have been accessible to the unauthorized person. From this review, patient information was identified in one or more of the email accounts, including patient names, dates of birth, patient account and/or medical record numbers, health insurance information and clinical information, which may have included dates of service, provider names, and diagnostic, treatment, surgical, and/or prescription information. In limited instances, patients’ Social Security numbers were also found in the accounts.

We have no indication that any patient information was actually viewed by the unauthorized person, or that it has been misused.  However, out of an abundance of caution, we began mailing letters to affected patients on January 31, 2020, and have established a dedicated call center for patients to call with questions. If any patients have questions about this incident, please call 1-833-496-0187, Monday through Friday, 9:00 a.m. to 6:30 p.m. Eastern Time.

We recommend that our patients review any statements they receive from their healthcare providers and health insurers. If you see any services that you did not receive, please contact the provider or insurer immediately.  For eligible patients whose Social Security number was found in the email accounts, we are offering complimentary credit monitoring and identity protection services.

We deeply regret any inconvenience or concern this incident may cause you. To help prevent something like this from happening in the future, we reset all employee passwords, limited external email access, blocked access to malicious sites and IP addresses identified through the investigation of this incident, increased monitoring of network activity, continued to educate users on how to identify and avoid malicious emails, and added additional authentication measures for remote email access.

This statement was originally issued in September 2019 and updated February 2020.

###

About UC Health
UC Health is an integrated academic health system serving the Greater Cincinnati and Northern Kentucky region. In partnership with the University of Cincinnati, UC Health combines clinical expertise and compassion with research and teaching – a combination that provides patients with options for even the most complex situations. Members of UC Health include: University of Cincinnati Medical Center, West Chester Hospital, Daniel Drake Center for Post-Acute Care, Bridgeway Pointe Assisted Living, University of Cincinnati Physicians and UC Health Ambulatory Services (with more than 800 board-certified clinicians and surgeons), Lindner Center of HOPE and several specialized institutes including: UC Gardner Neuroscience Institute; UC Cancer Institute; and UC Heart, Lung & Vascular Institute. Many UC Health locations have received national recognition for outstanding quality and patient satisfaction. Learn more at UCHealth.com.

This entry was posted in Press Releases. Bookmark the permalink. Both comments and trackbacks are currently closed.