University of Pittsburgh Medical Center suffers breach impacting 19,000 individuals

February 9, 2021
Medicare Web

The University of Pittsburgh Medical Center (UPMC), one of the largest health systems in Pennsylvania, reported a breach on February 5 affecting 19,000 individuals, according to an Office for Civil Rights (OCR) breach report.

The incident involved information stored in a UPMC health plan employee’s email account, per the security notice posted on UPMC’s website. UPMC says it was first notified on December 9 of a phishing incident that may have exposed protected health information (PHI) of patients including:

  • Dates of birth
  • Clinical information including dental provider and procedure information
  • Names
  • Parent/guardian names

UPMC’s investigation did not find any evidence that the PHI has been misused. On February 3, UPMC began notifying individuals whose information was potentially exposed. In addition, UPMC set up a dedicated call center to answer questions and provide guidance on obtaining a free credit report.

Finally, UPMC indicated that it will review existing policies, controls, and processes and make the necessary changes following the review.

Related Topics: 
HIPAA