A cyber-attack on a Pennsylvania law firm has potentially exposed the personal health information (PHI) of more than 36,000 patients of University of Pittsburgh Medical Center (UPMC).
Law firm Charles J. Hilton & Associates P.C. (CJH), which provides legal services to UPMC, discovered suspicious activity in its employee email system in June 2020. An investigation determined that hackers had gained access to several employee email accounts between April 1, 2020, and June 25, 2020.
In December 2020, UPMC received a breach notification report from CJH confirming that whoever hacked into the email accounts may have accessed patient data. CJH is now in the process of writing to all the patients who may have been affected.
Patient information compromised in the attack consisted of data used by CJH to provide its contracted billing-related legal services to UPMC.
Exposed data includes names, dates of birth, Social Security numbers, bank or financial account numbers, driver’s license numbers, state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, and trip numbers.
Hackers were also able to access Medicare or Medicaid identification numbers, individual health insurance or subscriber numbers, group health insurance or subscriber numbers, medical benefits and entitlement information, disability access and accommodation, and information related to occupational health, diagnosis, symptoms, treatment, prescriptions or medications, drug tests, billing or claims, and/or disability.
"After a lengthy investigation by computer forensics specialists, CJH confirmed to UPMC in December that some of UPMC’s patient information may have been accessed in this breach," stated UPMC in a notice posted February 5.
"While there is no evidence that this da ..
Support the originator by clicking the read the rest link below.
