IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Mass. Health System Data Breach Affects About 200K Patients

Earlier this month, UMass Memorial Health, a health-care system in Worchester, Mass., informed 209,048 patients that their private information may have been compromised due to an email-related data breach.

UMass Memorial and the surrounding areas are seen from the air
UMass Memorial and the surrounding areas are seen from the air as UMass Memorial Health Care and Air Methods unveiled a new Life Flight helicopter on Sept. 11, 2020.
T&G Staff/Ashley Green
(TNS) — Thousands of patients at UMass Memorial Health have been notified of a data breach involving the health system's email system.

Some of the emails accessed by hackers included patient information, such as Social Security numbers and medical-related data.

The breach affected more than 209,048 individuals, according to the U.S. Department of Health and Human Services, which documents such incidents.

UMass Memorial Health, in an Oct. 15 notice to patients, said an unauthorized person accessed the accounts between June 2020 and January 2021.

"Our investigation to determine the nature and scope of the incident determined on January 27, 2021, that a limited number of UMass employees' email accounts may have been accessed by an unauthorized person," the notice said.

The health system said it was unable to determine to what extent the unauthorized person viewed the emails. The breach did not involve all UMass Memorial patients, only those whose information was contained in the accessed emails.

The notice said: "On August 25, 2021, we completed the process of identifying individuals with information contained in the accounts. For patients, the information involved included names, dates of birth, medical record numbers, health insurance information, and clinical or treatment information, such as dates of service, provider names, diagnoses, procedure information, and/or prescription information. For health plan participants, the information involved included names, subscriber ID numbers, and benefits election information. For some individuals, a Social Security number and/or driver's license number was also involved."

Some patients affected by the breach were offered free credit monitoring and data protection services. This covers cases in which a Social Security number or a driver's license number was identified in an email.

"To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment, including enabling multifactor authentication," the notice from UMass Health said.

In September 2020, UMass Memorial informed patients that a vendor that provides data services, Blackbaud, was hit by a data breach. An unauthorized person may have accessed a database that with UMass Memorial information.

©2021 Distributed by Tribune Content Agency, LLC.