On February 13, 2020, UPMC became aware that a UPMC physician’s email account was compromised by a hacker. As a result, UPMC immediately initiated a forensic investigation. Through this investigation, it was confirmed that the hacker gained access to the physician’s email account for a short period of time. It appears that the hacker only used the e-mail account to send phishing emails. While it does not appear that the hacker accessed anyone’s health information, we cannot guarantee that this was the case.
What information was involved?
Through the investigation, we learned that patient information was contained in one or more emails within the physician’s email account affected by the incident. The affected emails may have contained demographic information as well as limited clinical information. No social security numbers or medical records were accessed inappropriately.
What actions should you take?
If you have further questions about this incident, please call our toll-free helpline at 1-855-451-8762. If you have received a notification letter from UPMC there are several resources referenced in the letter that you may choose to use to further protect your information.
What are we doing?
Based on UPMC’s commitment to patient privacy, it is important that we keep our patients informed of these types of incidents when they arise. We are continuing to use the best available cyber security and data protection safeguards in our facilities. We began mailing letters to affected customers on April 10, 2020 and established a dedicated toll-free hotline for patients to call with questions. If you believe you are affected by this incident, please call the toll-free hotline at 1-855-451-8762. UPMC representatives will be available to take your call Monday through Friday, 7 a.m. and 7 p.m. and 8 a.m. to 3 p.m. Eastern Time, excluding major U.S. holidays.
UPMC Office of Patient and Consumer Privacy