University of Missouri Health Care announced Friday it recently identified and addressed a data security incident involving patient information.
University of Missouri Health Care (MU Health Care) announced Friday it recently identified and addressed a data security incident involving patient information.
On Aug. 28, 2020, MU Health Care completed the process of identifying patients with information potentially affected by an email phishing incident. That information may have included names, dates of birth, medical record or patient account numbers, health insurance information, and/or limited treatment or clinical information, such as diagnostic, prescription, and/or procedure information. For some patients, a Social Security number and/or driver’s license number was also identified.
MU Health Care’s investigation to determine the nature and scope of the incident began after learning that unauthorized person(s) may have gained access to certain employee email accounts. In addition to commencing an investigation, MU Health Care took steps to secure the email accounts involved. The investigation determined that the unauthorized access occurred between May 4, 2020, and May 6, 2020, according to a news release.
This incident did not affect all MU Health Care patients, but only those patients who had information contained in the compromised email accounts.
According to a news release on Friday, MU Health Care has no indication that individuals’ information was actually viewed by the unauthorized person(s), or that it has been misused. However, out of an abundance of caution, MU Health Care began mailing notification letters to those whose information was found in the affected accounts and is providing complimentary credit monitoring services to those individuals whose Social Security numbers potentially were exposed. MU Health Care also recommends patients review any statements they receive from their health insurers or health care providers. If they see charges for services they did not receive, patients should contact the insurer or provider immediately.
MU Health Care deeply regrets any concern or inconvenience this incident may cause and remains committed to protecting the security and confidentiality of its patients’ information. To help prevent something like this from happening in the future, MU Health Care implemented additional security enhancements to its email environment and has reinforced staff education regarding how to identify and avoid suspicious emails.
MU Health Care has established a dedicated call center to answer any questions individuals may have about the incident. Individuals with questions can call the call center at 1-888-977-0634, between 8 a.m. and 5:30 p.m. Central Time, Monday through Friday. Additional information is posted on the MU Health Care website, muhealth.org/data-security-incident.