One of the largest health systems in Pennsylvania reported a breach on February 5.
A version of this article was first published February 9, 2021, by HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.
The University of Pittsburgh Medical Center (UPMC), one of the largest health systems in Pennsylvania, reported a breach on February 5 affecting 19,000 individuals, according to an Office for Civil Rights (OCR) breach report.
The incident involved information stored in a UPMC health plan employee’s email account, per the security notice posted on UPMC’s website. UPMC says it was first notified on December 9 of a phishing incident that may have exposed protected health information (PHI) of patients including:
- Dates of birth
- Clinical information including dental provider and procedure information
- Names
- Parent/guardian names
UPMC’s investigation did not find any evidence that the PHI has been misused. On February 3, UPMC began notifying individuals whose information was potentially exposed. In addition, UPMC set up a dedicated call center to answer questions and provide guidance on obtaining a free credit report.
Finally, UPMC indicated that it will review existing policies, controls, and processes and make the necessary changes following the review.
Revenue Cycle Advisor combines all of HCPro's Medicare regulatory and reimbursement resources into one handy and easy-to-access portal. News is not just repeated from other sources. It is analyzed by our Medicare experts so professionals can comprehend any new rule and regulatory updates thoroughly. Learn more.