Posted On May 19, 2023 Consumer Privacy & Data Breaches
May 19 – United Health Services of Delaware (UHS of Delaware) reported a data breach to the Montana Attorney General’s office on May 17, 2023, after discovering that a third-party vendor had fallen victim to a cyberattack that exposed sensitive patient data. According to the company’s formal statement, the event led to an unauthorized party acquiring access to consumers’ first and last names, diagnoses, medical record numbers, patient account numbers, billing information, and significant dates, including dates of admission and discharge. When it became clear that consumer information had been compromised, UHS of Delaware immediately started notifying those affected by the incident.
Console & Associates, P.C., data breach lawyers, are now looking into the UHS of Delaware data breach. If you have been notified of a breach, it is possible that your personal data has been compromised. We are providing free consultations to anybody who has questions about what to do next, how to be safe in the future, and whether UHS of Delaware can be held accountable for damages resulting from the breach.
UHS of Delaware is a healthcare system that supports about 94,000 jobs and brings in over $13 billion a year. Despite having its headquarters in King of Prussia, Pennsylvania, UHS of Delaware manages more than 400 hospitals, medical facilities, and clinics across the United States, the United Kingdom, and Puerto Rico.
UHS of Delaware’s computer system reportedly experienced unusual behavior on January 18, 2023, as reported by a third-party vendor in a filing with the Montana Attorney General’s office. After conducting an investigation, it was found that an email phishing attempt had successfully allowed access to one user’s email account, giving the attacker full access to all of the user’s messages and attachments.
As soon as UHS of Delaware learned that confidential consumer information had fallen into the wrong hands, a thorough investigation into the compromised files had begun. Information such as first and last names, diagnoses, medical record numbers, patient account numbers, billing information, and dates of admission and discharge may have been compromised, albeit the specific data compromised may vary from patient to patient.
UHS of Delaware sent notification letters of a data breach to anybody whose personal information was compromised on May 17, 2023.
Since hackers obtained illegal access to UHS of Delaware’s computer system and disclosed patient data, the company can also be considered a victim of the breach. They were also the ones who had to ensure the safety of your data. Most people would trust a hospital with private information without a second thought. However, hackers were able to access the confidential patient information kept by the company. If it is shown that they were negligent in safeguarding your information, UHS of Delaware might be held financially accountable for any losses sustained as a consequence of the attack.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the UHS of Delaware data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to affected individuals:
[Redacted] places a priority on the importance of patient privacy and data security. We write to inform you about an incident that may have involved some of your patient information.
What Happened? On January 18, 2023, a service provider became aware of suspicious activity in their email system and determined that, on or about January 9, 2023, one user’s email account had been accessed without authorization as a result of a phishing incident. “Phishing” means that the user was tricked into sharing login information and enable an unauthorized person to access the email account. They immediately reset the account credentials and launched an investigation into the nature and scope of the incident. The investigation found that the user’s email account was only accessed through a web browser, and while certain emails may have been accessed by the unauthorized person, there is currently no evidence that suggests any patient information in the emails were the target of the attack or otherwise copied or misused in any way. Nevertheless, an extensive effort was made to match patient information in the emails with available mailing addresses in our system, and we are notifying you of the incident in an abundance of caution and so you can take steps to protect your information if you find it appropriate to do so.
What Information Was Involved? The patient information potentially affected by the incident typically included full name, patient account and/or medical record number, admission and/or discharge date, status of diagnosis and/or discharge, and in some instances, associated billing amounts. Please note the emails did not contain Social Security numbers or financial payment information, and generally did not include any email, phone number, mailing address or other personal information.
What We Are Doing. Email security measures are being reviewed and enhanced in light of the incident, as well as additional training and security reminders for relevant staff. While we are unaware of any actual or attempted misuse of the patient information, we are offering you 12 months of identity surveillance and restoration services through Experian at no charge.
What You Can Do. Please review the enclosed Enrollment Instructions for information on how to enroll in the Experian services. While the enrollment involves no cost to you, you need to enroll by August 31, 2023 to activate the services.
More Information. We sincerely regret any inconvenience this incident may have caused you and are committed to providing quality care, including protecting your information. If you have any questions, please call our dedicated assistance line at 800-984-9630 (toll-free), Monday – Friday, 9:00 a.m. to 11:00 p.m. Eastern Time, and Saturday – Sunday, 11:00 a.m. to 8:00 p.m. Eastern Time. This dedicated line will be active until August 31, 2023.