University of Missouri Health Care suffers breach impacting more than 180,000 individuals

October 13, 2020
Medicare Web

University of Missouri Health Care (MU Health Care), a health system located in Columbia, Missouri, on September 17 reported a security incident that potentially affected 189,736 individuals, according to the Office for Civil Rights (OCR) breach report.

In a security notice posted to its website, MU Health Care disclosed that unauthorized individuals may have gained access to the email accounts of certain MU Health Care employees. MU Health Care’s investigation determined that the unauthorized access to the accounts occurred between May 4 and May 6. The accounts were accessed through a phishing scam.

Patient information potentially affected by the security incident included the following:

  • Dates of birth
  • Health insurance information
  • Limited treatment or clinical information (diagnostic, prescription, procedure information)
  • Medical record/patient account numbers
  • Names
  • Names
  • Social Security numbers

MU Health Care completed its investigation of the incident on August 28.

In the security notice, MU Health Care said it has no indication that the individuals’ information was actually viewed or misused. Patients whose information was identified in the accounts received mailed notification letters. In addition, MU Health Care established a toll-free call center to answer patient questions about the incident. MU Health Care also offered complimentary credit monitoring and identity protection services to individuals whose Social Security numbers were identified in the email accounts.

Related Topics: 
HIPAA