UC Health becomes a victim of a phishing attack. Patients’ medical records compromised due to breach
Exploit: Phishing scam Wisconsin Diagnostic Laboratories: Healthcare network based in Cincinnati, Ohio
Risk to Small Business:1.888 = Severe: A phishing attack successfully duped hospital employees into compromising patients’ medical records. The breach, which was disclosed on September 4th and discovered on July 6th, impacted email accounts until July 12th. In response, UC Health is updating its email security policies and providing an employee education program to prevent a similar breach in the future. Unfortunately, future-focused initiatives won’t help those whose information is already compromised. To compound the issue, the healthcare provider will now face regulatory scrutiny, bad press, and additional costs of recovery that could have been entirely prevented.
Individual Risk:2.142 = Severe: The compromised employee accounts contained limited amounts of patient data, including names, dates of birth, medical record numbers, and clinical information. Patients are encouraged to review their accounts for suspicious activity, and UC Health has established an incident hotline where anyone can report possible malfeasance.
Customers Impacted: Unknown How it Could Affect Your Customers’ Business: The ROI on proactive security measures continues to rise in the face of crippling breaches which come with costly implications. This incident serves as a cautionary tale for all SMBs and highlights the importance of securing customer and employee data before it is compromised.