PHI Compromised Due to UNC Health and Nebraska DHHS Phishing Attacks

The Nebraska Department of Health and Human Services has reported a security incident concerning the protected health information (PHI) of clients of Aging Partners, a division of the City of Lincoln.

The Lincoln Information Services Department uncovered the breach on May 25, 2021. Workers had clicked links in phishing email messages and shared information to their email accounts, which got over 46,000 email messages. A computer forensics firm assisted in confirming that an unauthorized person accessed the email account from May 18 to May 21.

An audit of the messages in the account affirmed that some included patient details like names, dates of birth, addresses, telephone numbers, Social Security numbers, type/amount of service, dates of service, and a few health information like diagnoses, care examination, and prescription medication listings. Emails additionally included bank account numbers or other financial data of some people. 6,600 of the emails enclosed the PHI of Aging Partners’ customers, though only 1,513 persons were affected. For most affected people, only names were contained in the email accounts.

All people impacted by the attack are currently being advised and credit monitoring and identity theft protection solutions are being given to persons who had their financial details enclosed in the breached email accounts.

UNC Health Phishing Attack

UNC Health has reported that an unauthorized individual accessed an email account including the PHI of patients of the University of North Carolina at Chapel Hill School of Medicine (SOM) and the University of North Carolina Hospitals (UNC Hospitals).

On May 20, 2021, UNC Health uncovered the compromise of the email of a SOM faculty member. That person offered medical services at UNC Hospitals. The email account was made secure promptly, and an investigation was started to ascertain the scope of the breach. With the assistance of a third-party cybersecurity agency, UNC Health established that the email account breach was only on April 20, 2021. The breach didn’t affect any other systems or email accounts.

An analysis of the account showed the possible breach of these types of data: Patients’ names, birth dates, diagnosis and treatment data, and/or details concerning a research study patients might have been associated with or were qualified for at UNC Hospitals/SOM. The email account had the medical insurance data of fewer than 30 patients and the Social Security numbers of less than 10 patients. There were no documented incidents of patient information misuse.

More email security steps are being enforced and employees are given more training to help them distinguish phishing email messages.