UMass Memorial Health has become a victim to a phishing attack that allowed unauthorized access to employee email accounts from June 24th, 2020, to January 7th, 2021. After investigations concluded on August 25th, 2021, it was reported to the Department of Health & Human Services on October 15th that the incident affected more than 209,000 individuals. UMass Memorial health stated “We do not have any evidence that your information was in fact viewed or accessed, only that it was simply contained within an email account that was compromised.” Both hospital patients and plan participants were impacted. Compromised data included names, dates of birth, medical record numbers, health insurance and treatment information, dates of service, provider names, diagnoses, procedure information and/or prescription information, as well as subscriber ID numbers and benefits election information. Social Security numbers and driver’s license numbers were included for some people. UMass has not yet identified any misuse of the information, but as a preemptive measure they are offering a year of free credit and identity monitoring.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is