CHAPEL HILL, N.C.--(BUSINESS WIRE)--Today, The University of North Carolina at Chapel Hill School of Medicine (“SOM”) and The University of North Carolina Hospitals (“UNC Hospitals”) announced that they are mailing letters to some patients whose information may have been involved in a recent incident.
On May 20, 2021, SOM and UNC Hospitals learned that an unauthorized person may have gained access to a single SOM faculty member’s email account. This SOM faculty member provides clinical services at UNC Hospitals. SOM and UNC Hospitals secured the impacted email account, began an investigation, and a cyber security firm was engaged to assist in the investigation. The investigation confirmed that the unauthorized access was isolated and limited to April 20, 2021. SOM and UNC Hospitals have no indication that any other SOM or UNC Hospitals user email accounts or patient information systems were involved or accessed.
SOM and UNC Hospitals conducted a comprehensive review of the contents of the email account and have determined that messages or attachments may have contained some patient information, including patients’ names, dates of birth, diagnosis and treatment information related to care patients received from UNC Hospitals, and/or information about a research study patients may have been involved in or eligible for at UNC Hospitals/SOM. Health insurance information was identified for less than 30 patients and Social Security numbers for less than 10 individuals.
On July 19, 2021, SOM and UNC Hospitals began mailing letters to patients whose information may have been involved in this incident and established a call center to answer patients’ questions. If patients have any questions about this incident, they should call 1-855-545-1984, Monday through Friday, between 9:00 a.m. and 6:30 p.m., Eastern.
No Misuse Indicated
To date, SOM and UNC Hospitals have no indication that patient information has been misused. SOM and UNC Hospitals recommend that patients closely review the billing statement they receive from their healthcare providers. If they see any services that they did not receive, they should contact the provider immediately.
SOM and UNC Hospitals deeply regret any concern or inconvenience this incident may cause. In response to this incident, SOM and UNC Hospitals are implementing additional email security measures and providing additional training to their workforce members on how to identify and avoid phishing emails to help prevent something like this from happening again.