Two Connecticut healthcare providers recently experienced cyberattacks involving compromised email accounts.
Within the past few months, both United Way of Connecticut and UConn Health have experienced cybersecurity incidents. United Way reported on September 3 that a phishing incident resulted in a single email account compromise. The OCR Wall of Shame and the Times Record's report of the breach both state that over 8,000 individuals were affected.
Similarly, UConn experienced suspicious activity in an email account on June 14, 2024. An investigation revealed that an unauthorized third party accessed and potentially acquired personal information. Notification letters informing patients of the incidents were mailed starting August 13.
The UConn notice of data incident stated, “UConn Health also engaged a forensic security firm to assist with our investigation. The investigation determined that an unknown, unauthorized third party accessed the email account for a short period on June 14, 2024.”
The compromise of a single staff account in both instances, although limited in scope, could reveal the information of thousands of patients. This raises concerns about the organizations' overall email security systems and the staff protocols surrounding phishing scams. Adequately trained staff should be able to identify and report phishing scams with ease. Additionally, secure HIPAA-compliant email systems could have assisted in preventing and/or detecting unauthorized access within the system. In this sense, prevention would help mitigate the consequences and expenses faced as a result of the breach.
An incident where sensitive information is accessed or stolen by an unauthorized person.
A fraudulent attempt to obtain sensitive information by pretending to be a trustworthy entity.
It occurs when someone gains entry to a system, account, or data without permission.