A UConn Health patient, Yoselin Martinez, filed a class action lawsuit on March 18 after learning about the recent UConn Health patient data breach.
“Martinez alleges in the lawsuit that UConn Health failed to properly secure and safeguard patients’ personally identifiable information and failed to provide timely, accurate and adequate notice,” FierceHealthcare said in a recent news release.
UConn Health announced on Feb. 22, 2019 that it would be sending notices to 326,000 patients about a recent cyber security breach that occurred in December 2018. These patients’ personal information may have been compromised in the breach, according to UConn Health.
“We recently learned that an unauthorized third party illegally accessed a limited number of employee email accounts,” chief communications officer Chris Hyers and interim health information officer Delker Vardilos said in a UConn Health press release.
On Dec. 24, 2018, UConn Health determined that personal information from a number of their patients had been accessed.
“Our investigation determined that the accounts contained some personal information, including some individuals’ names, dates of birth, addresses and limited medical information… the accounts also contained the social security numbers of some individuals,” the press release said.
Approximately 1,500 of the patients that were affected by the security breach had their social security numbers included in the leaked information.
“It is important to note that UConn Health does not know for certain if any personal information was ever reviewed or acquired by the unauthorized party,” the press release said.
Hyers and Vardilos said despite the security breach, UConn Health’s computer networks and electronic medical systems were not impacted.
“We are mailing notification letters to potentially impacted individuals for whom we have a valid mailing address to provide information on steps they can take to protect themselves against potential fraud or identity theft,” the press release said.
UConn Health advises its patients to regularly monitor credit reports, account statements and benefit statements, the press release said.
“If individuals detect any suspicious activity, they should notify the entity with which the account is maintained and promptly report any activity to appropriate law enforcement authorities,” the press release said.
Free identity theft protection services are being provided to patients whose social security numbers were leaked.
“UConn Health takes its responsibility to safeguard personal information seriously and apologizes for any inconvenience or concern this incident might cause,” the press release said. “We have taken and continue to take steps to help prevent something like this from happening again, including evaluating additional platforms for education staff and reviewing technical controls.”
In 2015, UConn’s School of Engineering experienced a similar and completely separate incident, according to Stephanie Reitz, UConn spokesperson.
“UConn IT security professionals, working with outside specialists, have no direct evidence that any data was removed from the School of Engineering’s servers,” UConn wrote in a press release distributed at the time. “The School of Engineering immediately notified faculty… as well as roughly 1,800 users of the Lync instant communication tool used across the University at the time.”
UConn Health was contacted for comment on the current lawsuit, but cannot speak on any pending litigation.
Naiela Suleiman is a campus correspondent for The Daily Campus. She can be reached via email at firstname.lastname@example.org.