MINNEAPOLIS, Nov. 25, 2020 /PRNewswire/ -- Today,
University of Minnesota Physicians
("UMPhysicians") issued notice of a data security event that
potentially affected the confidentiality of personal information
related to certain patients.
UMPhysicians recently completed a thorough
investigation and comprehensive data review of a data security
event in which cyber attackers used phishing emails to fraudulently
access two employee email accounts. The two phishing email attacks
were identified on January 31, 2020
and February 4, 2020, shortly after
they occurred. UMPhysicians took immediate steps to secure the
email accounts and began working with third-party computer forensic
investigators to determine the nature and scope of the incidents.
The investigation indicated that an unknown actor had access to one
employee email account on January 30
and January 31, 2020, and another
employee email account on February 4,
2020, for a brief period of time.
Because the investigation was unable to determine with certainty
to what extent any emails within the two accounts may have been
viewed by the cyber attackers, in an abundance of caution,
UMPhysicians retained third-party specialists to perform a
comprehensive review of all information stored in the email
accounts at the time of the incident to identify any personal
information present in the accounts. On March 30, 2020, UMPhysicians began notifying
individuals with information present in the accounts while its
review was ongoing. UMPhysicians recently completed the
comprehensive data review, which involved many detailed steps to
identify and confirm the relevant data and the potentially affected
individuals. UMPhysicians is now notifying the additional
individuals who were identified as potentially affected.
The recently completed data review identified that one or more
of the following types of information associated with an individual
were present in an affected email account during the incident:
name, address, date of birth, date of death, date of service,
telephone number, medical record number, account number, payment
card number, health insurance information, and medical information.
For a small number of individuals, it may also include Social
Security number. There is no evidence indicating that this
information was actually viewed during the incident or has been
copied or otherwise misused.
UMPhysicians is notifying potentially affected individuals by
this posting, notification on its website, and by mailing letters
to potentially affected individuals. For individuals seeking
additional information regarding this incident, a dedicated
toll-free assistance line has been established. Individuals
may call the assistance line at (833) 960-3571, Monday through
Friday (excluding U.S. holidays), during the hours of 8 a.m. to 5:30 p.m., Central Time.
Individuals can also find additional information on how they can
protect their personal information as well as obtain additional
resources on UMPhysicians' website
https://mphysicians.org/ and in the letters they will receive
by mail. UMPhysicians is offering individuals complimentary
identity and credit monitoring for one year. As a precautionary
measure, UMPhysicians encourages potentially affected individuals
to remain vigilant against incidents of identity theft by reviewing
account statements and explanations of benefits for unusual
activity and reporting any suspicious activity immediately to their
insurance company, health care provider, or financial
institution.
UMPhysicians takes this incident and the security of the
information in its care very seriously. As part of UMPhysicians'
ongoing commitment to its patients, UMPhysicians has implemented a
range of privacy and security safeguards designed to enhance the
protections it has in place against phishing and similar malicious
attacks, including the deployment of additional security technology
and security awareness training. UMPhysicians deeply regrets that
this matter occurred and sincerely apologizes for any inconvenience
or concern it may have caused.
View original
content:http://www.prnewswire.com/news-releases/university-of-minnesota-physicians-provides-notice-of-data-security-event-301180690.html
SOURCE University of Minnesota
Physicians