CHAPEL HILL – The University of North Carolina at Chapel Hill School of Medicine says it is mailing notification letters to an estimated 3,716 persons whose information may have been affected in a cyber phishing incident involving some School of Medicine email accounts.
“A leading independent forensic firm conducted a lengthy and extensive review that concluded on Sept. 13, 2019, and confirmed that an unauthorized third party gained access to several email accounts during the approximate timeframe of May 17, 2018, to June 18, 2018,” the university said.
“This review confirmed that some patients’ personal information was contained in the affected email accounts, possibly related to treatments received when they were seen by a UNC physician.”
UNC noted data could include patients’ names and dates of birth, and demographic information such as addresses, health insurance information, health information, Social Security numbers, financial account information and/or credit card information.
“The unauthorized third-party access was limited to the affected email accounts and did not impact medical record systems or patient care systems maintained by UNC Health Care. Information technology security teams continue to monitor relevant systems for unauthorized activity,” the university said.
UNC saidit is beefing up security measures.
“For patients whose Social Security number was contained in the email accounts, UNC School of Medicine is offering complimentary credit monitoring and identity protection services,” the university said.
“Additionally, UNC School of Medicine recommends affected patients review the statements they receive from their health care providers and health insurer. If a patient sees services they did not receive, please contact the provider or insurer immediately.”