Data Breaches Reported by University of Maryland Faculty Physicians and Highpoint Foot & Ankle Center

A phishing attack on the University of Maryland Faculty Physicians, Inc. (FPI) potentially resulted in the access of the protected health information (PHI) of the University of Maryland Medical Center (UMMC) patients by unauthorized people.

FPI is made up of faculty members with varying medical specialities from the University of Maryland School of Medicine. It gives assistance to doctors and staff members who offer their services at UMMC facilities.

After discovering the unauthorized access of an email account, FPI secured the account and launched an extensive investigation to find out the nature and extent of the attack. On May 26, 2020, FPI confirmed that an unauthorized person accessed the email account containing the PHI of 33,896 persons, from February 6, 2020 to February 11, 2020.

The types of information held in the account varied from patient to patient and probably included the following data along with patient names: Date of birth, medical record number, and clinical information associated with the services received at a UMMC location or from an FPI-affiliated physician. Some Social Security numbers were also found in emails and email attachments. There is no evidence uncovered indicating that the attacker viewed or obtained patient data.

FPI and UMMC have performed an evaluation of policies and procedures and took steps to enhance email security to stop further breaches in the future.

25,554 Patient Records of Highpoint Foot & Ankle Center Potentially Compromised

Highpoint Foot & Ankle Center located in Chalfont, PA learned that an unauthorized individual performed a remote access attack and acquired access to its systems that contain the data of 25,554 patients. The center detected the security breach on May 20, 2020 and took prompt action to avoid further unauthorized system access.

An immediate internal investigation conducted confirmed that the hacker got access to patient information that included patient names, addresses, birth dates, contact numbers, diagnosis and treatment information and Social Security numbers. Despite the confirmed unauthorized access by the attacker, there is no evidence found that indicated the viewing or copying of patient information. There is also no report received alleging the misuse of patient data.

Highpoint Foot & Ankle Center has enforced more safety measures to avert other security breaches and has provided the affected patients with a complimentary membership to MyIDcare credit monitoring and identity theft protection services.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA