Hard on the heels of a ransomware attack that closed three hospitals in the DCH Health System comes the announcement of yet another successful healthcare hack in Alabama. UAB Medicine is now notifying over 19,000 patients that a malicious email posing as a business survey has exposed their protected health information. Despite security awareness training, hackers were able to gain access to emails on August 7th and potentially view protected information. UAB Medicine states that their electronic health records and their billing systems were not compromised in the attack.
The malicious email did, however, attempt to redirect workers’ automatic payroll deposits into an account controlled by the hackers. According to Joseph Goedert at Health Data Management, UAB Medicine successfully prevented all attempts by the hackers to redirect the payroll, although limited amounts of protected information could have been viewed by the attackers. “UAB takes the protection of our patients’ health information very seriously and sincerely regrets this potential intrusion on your privacy,” states the notification letter.
Cybersecurity firm Kroll has been brought in by the organization to determine the exact attack specifics. In the meantime, the organization has instituted a multi-factor authentication for all emails and is offering all affected patients one year of free credit monitoring and reporting services.