Patients Notified of Recent Hospital Data Breach in Alabama

UAB, the University of Alabama at Birmingham Medicine, has recently reached out to patients who are impacted by a hospital data breach. Impacted patients received a notification that criminal hackers were able to get access to certain email accounts for employees in which patient information could have been included in the email accounts.

Hacking into healthcare systems is extremely popular because of the quantity of personal data points and massive financial systems often connected to employees or patients.

Some of the most common ways for healthcare facilities to be targeted have to do with vendors using outside software with unsecure systems and phishing, which refers to sending emails in an effort to collect passwords or other data.

How Did Hackers Access the Hospital System?

The hospital data breach reportedly occurred when hackers sent out an email that looked legitimate, asking employees to complete a survey. Many employees completed the survey and provided their passwords and usernames to the hackers. making their email programs open to the criminals reports the Birmingham Business Journal.

The payroll system was also accessible to the criminals as a result, although representatives sharing about the hospital data breach said that the billing systems and electronic health records systems for the hospital were not impacted According to hospital representatives, the discovery of compromised emails occurred on Aug. 7, 2019.

The impacted accounts had their passwords reset but the full impact of this data breach for UAB medicine and the affected patients is not yet been known, according to reports. The purpose of the phishing attack, according to investigations, was to attempt to move automatic payroll deposits for employees to an account that the hackers controlled.

All attempts that the hackers engaged in to redirect payroll deposits were reportedly prevented by UAB Medicine and the statements from the hospital say that there was no reason to believe that patients’ electronic health record information or personal data was the target of the attack.

In total, nearly 20,000 patients were reportedly notified that their health information had been exposed and was potentially accessed by hackers. This information could have included their dates of hospital service, their medical record number, birth dates, social security numbers, diagnosis and treatment information, and location of their service.

Any patients who received notification about this hospital data breach from the University of Alabama at Birmingham have been encouraged to review their insurance statements and credit reports carefully to identify whether fraudulent activity could have occurred. In many cases, hackers and data thieves attempt to gather as much information as possible to be able to open accounts and leverage this personally identifying information.

Some instances of identity theft will not appear until months or even years later, particularly, if the quality of the data like a social security number is something that is unlikely to change between the time of the attack and when hackers will attempt to leverage it for other purposes.

If you believe that you have been subjected to a hospital phishing attack or data breach, you could be eligible to initiate a lawsuit against the responsible company. Scheduling a consultation with an experienced lawyer could be your next step- make sure you’re prepared since Top Class Actions can help you find an attorney.

Join a Free Hospital Ransomware Attack Class Action Lawsuit Investigation

If you were a patient at a hospital or healthcare facility affected by a ransomware attack that impacted your medical care, you may qualify to join a hospital ransomware attack class action lawsuit investigation.

Learn More

This article is not legal advice. It is presented
for informational purposes only.