More than 3,700 individuals may have had their personal information exposed as a result of a data breach at the UNC School of Medicine.
The university announced the breach on Tuesday, following a “lengthy and extensive review conducted by a leading independent forensic firm” found that “an unauthorized third party gained access to several email accounts” from May 17, 2018 to June 18, 2018. The access was gained through a cyber phishing incident, officials said. Phishing occurs when a third party attempts to retrieve sensitive information by imitating a trusted source.
A release from the UNC School of Medicine said the information exposed “may have included patients’ names, dates of birth, demographic data such as addresses, health insurance information, health information, Social Security numbers, financial account information and credit card information.”
Medical records or patient care systems maintained by UNC Health Care were not affected by the breach, according to Tuesday’s release.
UNC began mailing notification letters on Tuesday to patients whose information was in the affected accounts, although “we have no indication that any information has been misused.”
UNC is offering credit monitoring and identity protection services to those individuals who may have had their Social Security number exposed.
“We recommend affected patients review the statements they receive from their health care providers and health insurer. If a patient sees services they did not receive, please contact the provider or insurer immediately.”
Officials said the medical school “takes its obligation to protect patient privacy very seriously and we are sorry that this incident occurred.”
Anyone who believes they might be affected but does not receive a letter before December 15 is asked to call 1-833-935-1367 between 9 a.m. and 9 p.m. Monday through Friday.