BreachExchange mailing list archives
Patient sues UConn Health in federal court over February data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 27 Mar 2019 23:26:57 -0500
https://www.courant.com/business/hc-biz-uconn-health-data-breach-lawsuit-20190326-mbab6zl755fe7f2mvkczsibcfu-story.html A New London woman has sued UConn Health over a data breach in February she says resulted in fraudulent activity affecting her bank account. In the federal lawsuit filed last week, Yoselin Martinez, a patient at the Farmington health center, said hackers “had months to access, view and steal patient data unabated.” In addition, she said UConn failed to recognize its systems had been breached and data on hundreds of thousands of current and former patients were being stolen. UConn Health said in February an unauthorized third party illegally accessed a “limited number of employee email accounts” that contained the Social Security numbers of about 1,500 people and other personal information of the remaining 324,500 potentially impacted people. In her lawsuit, Martinez accused UConn Health of failing to properly secure and safeguard their personally identifiable information and protected health information and failing to “provide timely, accurate and adequate notice” that personal information was compromised. The hacker gained access to employee email accounts through a phishing attack that exposed personal data, the lawsuit said. The exposed personal information included patients’ names, dates of birth, addresses, medical information and Social Security numbers, according to the lawsuit. Martinez is seeking to make the legal challenge a class-action lawsuit. Two UConn representatives did not immediately respond to an email seeking comment. UConn Health said Feb. 22 it immediately took action when it discovered the breach, including securing affected accounts to prevent further unauthorized access and that it confirmed the security of its email system. “UConn Health also notified law enforcement and retained a leading forensic security firm to investigate and conduct a comprehensive search for any personal information in the impacted email accounts,” it said. However, the data breach occurred “only because UConn failed to implement adequate and reasonable cyber-security procedures and protocols,” Martinez said. In addition to the fraudulent activity, Martinez said she’ll be at “heightened risk for financial fraud and identity theft” and damages for several years. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Patient sues UConn Health in federal court over February data breach Destry Winant (Mar 28)