University of Vermont Medical Center notifies 2,300 patients of phishing incident
The University of Vermont Medical Center takes seriously the privacy and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.
On May 24, 2017, we learned an unauthorized third party gained access to an employee’s email account on May 22, 2017. We immediately shut down the employee’s email account and began an investigation. Our investigation determined an email in the account contained patient information, which may have included patients’ names, addresses, dates of birth, medical record numbers, and clinical information, such as diagnoses, treatment, physicians’ names and medications. Patients’ social security numbers and financial information, such as bank account or credit card information, were not included in the email account. This incident affected approximately 2300 UVM Medical Center patients.
While we have no evidence that any of our patients’ information was ever used in any way, we began mailing letters to the affected patients on July 21, 2017, and established a dedicated call center to answer patients’ questions. If you believe you may have been affected but do not receive a letter by August 22, 2017, please call 800-383-5522 from 9 am to 9 pm Eastern Time, Monday through Friday.
We deeply regret any inconvenience or concern this may cause our patients. To help prevent something like this from happening in the future, we are implementing additional security measures and are reinforcing education with our staff to assure protection of our patients’ information.
Source: University of Vermont Medical Center