UConn Health data breach exposes sensitive consumer information

The University of Connecticut Health Center Finance Corporation (UConn Health), a prominent healthcare system affiliated with the University of Connecticut, reported a significant data breach to the U.S. Department of Health and Human Services Office for Civil Rights. The breach involved unauthorized access to a UConn Health employee’s email account, compromising the sensitive personal information of an undisclosed number of individuals.

The breach was initially detected on June 14, 2024, when UConn Health identified suspicious activity within the email account of one of its employees. Promptly, UConn Health secured the compromised account and initiated a thorough internal investigation with the assistance of external cybersecurity experts. The investigation confirmed that an unknown and unauthorized individual gained access to the email account on the same day the suspicious activity was detected.

Further analysis revealed that the unauthorized party potentially acquired emails containing confidential consumer information. After a comprehensive review of the compromised data, UConn Health determined that the breach exposed various forms of sensitive information, including but not limited to names, dates of birth, Social Security numbers, driver’s license numbers, financial account numbers, medical treatment and diagnosis details, prescriptions, and health insurance information.

Upon completing its investigation on August 7, 2024, UConn Health began notifying affected individuals via data breach notification letters sent out on August 13, 2024. These letters outline the specific types of information compromised in the breach for each individual. Individuals who receive notification letters are strongly advised to take immediate steps to protect their personal information.