por
John R. Fischer, Senior Reporter | February 12, 2021
A hacker may have gained access to the personal health information of over 36,000 patients at UPMC
A cyberattack on a Pennsylvania law firm has left the personal health information of over 36,000 patients potentially exposed.
Charles J. Hilton & Associates P.C. (CJH) revealed this week that several of its employee email accounts were hacked between April and June 2020, and that the accounts contained personal details related to the healthcare of patients at the University of Pittsburgh Medical Center, which receives legal services from CJH,
according to Infosecurity Magazine.
"After a lengthy investigation by computer forensics specialists, CJH confirmed to UPMC in December that some of UPMC’s patient information may have been accessed in this breach," said UPMC in an online notice it posted this month.
Upon noticing suspicious activity in its employee email system in June, CJH launched an investigation that confirmed a hacking took place and that the perpetrators may have gained access to patient data used by the firm to provide its contracted billing-related legal services to UPMC.
Potential information compromised includes names, dates of birth, social security numbers, bank or financial account numbers, driver’s license numbers, state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, and trip numbers. In addition, the hackers were able to access Medicare or Medicaid identification numbers, individual health insurance or subscriber numbers, group health insurance or subscriber numbers, medical benefits and entitlement information, disability access and accommodation, and information related to occupational health, diagnosis, symptoms, treatment, prescriptions or medications, drug tests, billing or claims, and/or disability.
"While there is no evidence that this data was misused, CJH and UPMC are alerting affected patients through personal letters and public notification,” said UPMC.
CJH is currently writing to all patients whose information may have been compromised and is offering complimentary credit monitoring and identity-theft protection services to them. It also has set up a hotline for people to call with their concerns.
Both UPMC and CHJ encourage those who have been potentially affected to review account statements, credit reports, and explanation of benefits forms, and immediately report any suspicious activity found to their insurance company, healthcare provider or financial institution.
Back to HCB News