HIPAA Alert: Employee Mistake Costs a Hospital $750,000

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a settlement with the University of Washington Medicine (UWM) following a HIPAA breach. This is the first settlement involving a breach resulting from a scam email or phishing attack. 

One of UWM’s employees opened an email attachment containing malicious malware. The malware led to a breach of approximately 90,000 individuals. Information exposed included patient names, demographic info, dates of birth, social security numbers, medical record numbers, dates of service, charges or balance due and insurance identification or Medicare numbers.

Employees must realize the increased risks caused by highly sophisticated phishing attacks.

Immediately contact the IT Service Desk at (402) 354-2280 if you receive an email asking you to click on a link to provide more information or directing you to an outside website.