1 min read

United Way of Connecticut and UConn Health suffer data breaches

United Way of Connecticut and UConn Health suffer data breaches

Two Connecticut healthcare providers recently experienced cyberattacks involving compromised email accounts.  

 

What happened

Within the past few months, both United Way of Connecticut and UConn Health have experienced cybersecurity incidents. United Way reported on September 3 that a phishing incident resulted in a single email account compromise. The OCR Wall of Shame and the Times Record of the breach both report over 8,000 individuals were affected. 

Similarly, UConn experienced suspicious activity in an email account on June 14, 2024. An investigation revealed that an unauthorized third party accessed and potentially acquired personal information. Notification letters informing patients of the incidents were mailed starting August 13. 

 

What was said 

The UConn notice of data incident provided that,UConn Health also engaged a forensic security firm to assist with our investigation. The investigation determined that an unknown, unauthorized third party accessed the email account for a short period on June 14, 2024.”

 

Why it matters 

The compromise of a single staff account in both instances, although limited in scope could reveal the information of thousands of patients. This raises concerns about the organization's overall email security systems and the staff protocols surrounding phishing scams. Adequately trained staff should be able to identify and report phishing scams with ease. Additionally, secure HIPAA compliant email systems could have assisted in preventing and/or detecting unauthorized access within the system. In this sense, prevention would help mitigate the consequences and expenses faced as a result of the breach. 

Related: How staff training ensures HIPAA compliant email

 

FAQs

What is a data breach? 

An incident where sensitive information is accessed or stolen by an unauthorized person. 

 

What is a phishing scam?

A fraudulent attempt to obtain sensitive information by pretending to be a trustworthy entity. 

 

What is unauthorized access?

It occurs when someone gains entry to a system, account, or data without permission.