NewsLocal News


UC Health says phishing attack may have exposed patient information

Posted at 5:11 PM, Sep 04, 2019
and last updated 2019-09-04 17:27:07-04

CINCINNATI — UC Health says it is investigating a recent email phishing attack that may have exposed patient information.

In a release Wednesday, UC Health said it learned on July 6 of an incident that led to unauthorized access to a “limited number” of employee email accounts between July 6-12 of this year.

UC Health said it expects that some patient information is contained in the accounts, including names, birthdates, medical record numbers and clinical information, according to the release.

An ongoing investigation has been unable to determine whether unauthorized persons viewed emails or attachments in the accounts, UC Health said, adding that it has no indication that any patient information has been misused.

UC Health said it is in the process of identifying patients whose information may have been accessible and expects to notify affected patients "in the coming weeks."

UC Health said it has established a call center and patients with questions should call 1-833-496-0187, Monday through Friday, 9 a.m. to 6:30 p.m. ET.

UC Health said patients should review statements from healthcare providers and contact them immediately if they see services they did not receive.

UC Health said it took immediate took steps to secure the accounts and hired "a leading computer forensic firm" to assist in its investigation. It also said it is enhancing its email security and employee education on how to identify and avoid malicious emails.