UW Health Notifies Patients of Email Incident
UW Health announced today that it is sending letters to a group of patients about an incident involving an employee’s email account.
The incident, which took place on March 16 this year, was discovered by UW Health on March 28, 2017. An unauthorized individual gained access to an employee’s credentials and email account. UW Health Information Systems immediately began an investigation, disabled the account, and reset the password. The unauthorized individual had access to the email account and data files within that account. Some of those files contained patient information, including patients’ names; addresses; dates of birth; dates of service; providers’ names; reasons for the visits; medical history and conditions; medications; diagnostic results and/or social history. The emails did not include the patients’ medical records, Social Security numbers, credit-card numbers, health insurance numbers, or other financial information. The incident did not affect all UW Health patients, only those patients whose information was contained in the email account.
UW Health has established a dedicated call center to answer patients’ questions. In addition, UW Health is reviewing the incident and reinforcing educational efforts with employees and providers regarding emails and patient confidentiality.
Date Published: 05/26/2017