Some readers may have trouble accessing a notice from the School of Medicine at the University of North Carolina — Chapel Hill due to an issue with Chrome, so I’m embedding the whole notification below. TL;DR version: some employees fell for a phishing attack and their email accounts may have been accessed between May 17, 2018 and June 18, 2018. UNC does not state when they first discovered the breach — only that they first confirmed on September 13, 2019 that accounts had been accessed and PHI was present in those employees’ email accounts. They are notifying 3,716 patients whose PII or PHI was in the affected employees’ email accounts. The PII/PHI may have included:
School of Medicine notifies patients about data breach from phishing incident - UNC News _ UNC News
patients’ names and dates of birth, and demographic data such as addresses, health insurance information, health information, Social Security numbers, financial account information and/or credit card information.