Tens of thousands of UMass Memorial Health patients have been alerted of a data breach which began from within the health system’s email system. Emails accessed by hackers included sensitive patient information like Social Security numbers and personal medical data.
The UMass Memorial breach impacted more than 209,000 individuals, according to the U.S. Department of Health and Human Services. In an October notification letter to affected patients, UMass Memorial Health said an unauthorized person accessed the email accounts between June 2020 and January 2021.
It has also been determined that a number of UMass Health employees’ email accounts may have been accessed. The UMass notice said the following information may have been compromised:
- Dates of birth
- Medical record numbers
- Health insurance information
- Clinical or treatment information
- Procedure information
- Prescription information
- Subscriber ID numbers
- Social Security number and/or driver’s license number
Some patients whose Social Security number or driver’s license number was identified in an email have been offered free credit monitoring and data protection services.
UMass Memorial Health says in order to prevent another data breach incident, they have reinforced staff education and added cybersecurity measures, something data privacy lawyers say should have been done long ago.
In September 2020, UMass Memorial informed patients that Blackbaud, a data services vendor providing data services, was hit by a data breach that may have impacted UMass Health patient information.
The Lyon Firm is investigating the UMass Health data breach and is actively involved in numerous data privacy cases and has experience filing data security claims on behalf of plaintiffs nationwide.