Massachusetts-based UMass Memorial Health is the latest large healthcare network to report an email phishing incident that potentially compromised hundreds of thousands of individuals’ protected health information.
The unauthorized access to “a limited number” of employee email accounts lasted about seven months – from June 24, 2020, to Jan. 7 2021 – before it was detected, Worcester, Massachusetts-based UMass Memorial says in a breach notification statement posted on its website.
UMass Memorial Health, which includes an academic medical center, three other hospitals and a medical group, reported to the Department of Health and Human Services on Oct. 15 an email hacking incident affecting more than 209,000 individuals, according to HHS’ Office for Civil Rights’ HIPAA Breach Reporting Tool website. Commonly called the “wall of shame,” the website lists health data breaches affecting 500 or more individuals.
