Health & Fitness
UAB Data Breach Exposes Information Of Thousands Of Patients
The data compromised in the breach could include a patient's birth date, diagnosis and treatment information.
BIRMINGHAM, AL — Hackers gained access to some UAB Medicine employee email accounts exposing the protected health information of 20,000 patients, the hospital said this week.
UAB Medicine is notifying the affected patients that their information could have potentially been seen by the hackers. The information that hackers may have seen could include the patient's name along with one or more of the following pieces of information: medical record number, birth date, dates of service, location of service, diagnosis and treatment information.
Any patients whose Social Security numbers were compromised have been specifically notified.
Find out what's happening in Birminghamfor free with the latest updates from Patch.
The hackers sent an email designed to look like an authentic business survey from an executive.
"Despite education and training to recognize this type of phishing attack, a number of employees accessed the survey and provided their username and password to the hackers, allowing the hackers to access the employees’ email accounts as well as the payroll system," UAB Medicine said in a press release.
Find out what's happening in Birminghamfor free with the latest updates from Patch.
The electronic health record and billing systems were not impacted by the attack.
The phishing attack took place on August 7. Any accounts affected by the breach had their passwords reset and a security firm was hired to investigate the attack.
According to UAB, the hackers were trying to divert employees' automatic payroll deposit to an account controlled by them. UAB was able to stop any payroll from being redirected.
There's no evidence that the hackers were trying to gain access to or stole any patient information, UAB said.
"UAB Medicine takes the protection of our patients’ health information very seriously and sincerely regrets this potential intrusion on your privacy," a letter sent to affected patients said.
Any affected patients are being asked to review their credit reports and insurance statements. The hospital is also providing a year of free credit monitoring to any of the patients. Anyone affected by the breach can call 877-594-0950 with questions.
Get more local news delivered straight to your inbox. Sign up for free Patch newsletters and alerts.