Misdirected email faulted in data breach affecting hundreds of UPMC insurance customers
Confirmation from Adam Smeltz of the Pittsburgh Post-Gazette that the UPMC Health Plan breach reported yesterday involved e-mail:
UPMC Health Plan blamed a misfired email message for the release of personal information about 722 members.
The email meant for a physician’s office in Lawrence County was sent instead to an incorrect address, revealing patient names, insurance membership numbers, birth dates and phone numbers, the Downtown-based insurer said today. It first confirmed the breach to the Post-Gazette on Tuesday.
Members’ insurance plan types and primary-care physician offices also appeared in the email, although it did not include Social Security numbers or information about medical histories, according to UPMC Health Plan. The company said it discovered the problem June 4, sent an advisory letter to affected customers and told authorities as required by law.
Read more on the Pittsburgh Post-Gazette.