An employee of Chapel Hill, N.C.-based UNC Health fell for a social engineering scam, potentially exposing the data of 6,377 individuals.
In July, the University of North Carolina School of Medicine faculty member and UNC Hospitals clinician received a malicious phishing hyperlink in an email from a known contact and approved a multifactor authentication code that gave a hacker access to the faculty member’s email account, according to a Sept. 19 notice.
UNC Health, in collaboration with multiple cybersecurity firms, secured the compromised account within 15 hours, but not before patient data may have been exposed, including names, dates of birth, medical records and research study participation.
“Following the incident, the University SOM faculty member received guidance on best practices to identify and avoid phishing emails,” the organization stated. “The University is also evaluating its email policies, procedures, and technical safeguards to identify areas for improvement to help reduce the risk of similar incidents in the future.”
The post Social engineering hack hits UNC Health appeared first on Becker’s Hospital Review | Healthcare News & Analysis.
Health IT
