MU Health Care announced Friday that a data breach may have included information of around 180,000 patients.
MU said it had determined that unauthorized persons gained access to six employee email accounts which held patient information through an email phishing incident between May 4-6 earlier this year.
It is not confirmed that patients’ information has been exploited or even viewed explicitly by any unauthorized person, according to the release.
This compromised information includes birth dates, medical records, patient account numbers, health insurance information, procedure history and prescription information, the release said.
For some, social security numbers and driver’s license numbers have also been compromised.
No payment or credit card information was accessed, according to MU Health Care spokesperson Jesslyn Chew.
Only MU patients whose information was held in the targeted email accounts were impacted, she said.
“The data security incident was not related to MU’s HEALTHConnect patient portal,” Chew said in an email. “This was an email phishing incident” in which unauthorized persons gained access to some employee email accounts.
MU Health Care has begun contacting those involved, and is also providing individuals whose social security information has been compromised with complimentary credit monitoring services.
A call center has been established for any questions involved patients may have.
The center can be reached at 1-888-977-0634 from 8 a.m. to 5:30 p.m. Monday through Friday.
MU Health Care has taken steps to increase email security and reeducate employees on how to identify potential spam risk emails.
More information can be found on the MU Health Care website, muhealth.org/data-security-incident.
Chew said the incident was not related to an earlier data breach announced by MU involving a cybercriminal acquiring MU alumni and donor cloud data services managed by Blackbaud, a third-party company storing the data.
That incident also occurred in May.