Phishing Email sent to Employee responsible for UConn Health Breach
Who: UConn Health
# of Accounts Breached: 326,000
What was affected: An unauthorized third party accessed employee email accounts breaching the privacy of 326,000 patients and others. Of that number, 1,500 could have had their social security numbers exposed, UConn Health said. For others, potentially acquired details include names, dates of birth, addresses, and billing and appointment information.
When it happened: February 22, 2019 (reported)
How it happened: A malicious actor used a phishing attack to exploit the users of our email system. The identity of the individual or individuals is unknown.
Outcome: UConn is not certain if the malicious actor viewed or acquired any of the private information. They sent out letters to all potentially impacted individuals and is also offering free identity theft protection services to the 1,500 whose social security numbers may have been exposed. Law enforcement was notified as required by Connecticut state law.