UPMC Susquehanna is a linkage of medical centers and the hospitals in Muncy, Pennsylvania and Williamsport Wellsboro. UPMC declared that 200 patients PHI has been checked and accessed by illegal individuals. It is believed that the access to PHI is gained when an employee of the organization answered phishing email.
Although the date of the incident has not been highlighted yet. According to UPMC Susquehanna the breach was discovered on 21ts September when the worker of the organization highlighted doubtful activities on the device. According to the investigation process, the illegal individual got access to the information using the employee’s device.
It is still not discovered that either the illegal individual stole, viewed or misused the patient’s PHI, but according to the investigation the access of the data and its misuse will be valueless. The accessed information contains the contact information, the names, Social security numbers and the dates of birth. Mostly the affected patients were those who got treatment at different UPMC Susquehanna hospitals like UPMC Susquehanna Lock Haven, Soldiers and Sailors Memorial Hospital, Muncy Valley Hospital, Divine Providence Hospital, Sunbury Community Hospital and Williamsport Regional Medical Center.
UPMC Susquehanna took immediate actions to the incident and terminated the illegal access to the information. All the staff members were retrained according to the hospital laws and policies. UPMC Susquehanna further claimed that this training was an additional training to the annual one that is already provided to the staff members on Patients PHI. UPMC Susquehanna also conducted a review of all the rules and policies for the security of patient’s PHI.
All the affected patients got additional services for identify stealing protection and they have also been notified using emails. They have also provided information to the patients to secure their accounts and personal information in case of any threat.