UAB Medicine is the latest health care outfit in the state to be hit by computer hackers. UAB announced Friday that 19,557 patients had their protected health information exposed.
Data available to hackers could include medical record numbers, birth date, dates of service, diagnosis, and treatment information. UAB says Social Security numbers were included for a small subset of patients, and those patients have been specifically notified.
The hackers gained access to the UAB system through a phishing attack. A number of employees accessed a phony survey and provided their username and password to the hackers, allowing the criminals to access the employees’ email accounts as well as the payroll system. UAB Medicine’s electronic health record and billing systems were not impacted by the attack.
An investigation revealed the cybercriminals were attempting to divert employees’ automatic payroll deposits to an account controlled by the hackers. There is no evidence the hackers were looking for, accessed or stole any protected health information.
Earlier this week, DCH Health System closed DCH Regional Medical Center in Tuscaloosa, Northport Medical Center in Northport and Fayette Medical Center to all “but the most critical new patients” after a ransom attack. Computer hackers attacked the hospital system’s computers, holding them ransom for an unspecified amount of money. University of Alabama students received an email informing them of the hospitals temporary shut down.
Springhill Medical Center in Mobile was hit by a ransomware attack in July.