Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

September 9, 2024

United Way of CT, UConn Health hit by data breaches

Contributed UConn Health's John Dempsey Hospital.

Both the United Way of Connecticut and UConn Health have been hit with data breaches in the past couple of months.

Both organizations reported a “hacking/IT incident” to the U.S. Department of Health and Human Services Office for Civil Rights, which lists each incident as “currently under investigation.”

According to the incident reports listed on the federal website, the data breach at the United Way was reported on Sept. 3 and potentially affected more than 8,000 people, while the UConn Health breach was reported on Aug. 13 and potentially affected 500 people. 

The United Way has not posted anything about the incident on its website but the organization confirmed that it occurred on May 29.

United Way of Connecticut President and CEO Lisa Tepper Bates said the incident involved just a single email address.

“This was actually a single staff email inbox that was compromised via a phishing email,” she said Monday in an interview with Hartford Business Journal. “I just want to be clear that this was not, in fact, any kind of compromise of our data systems.”

She said the figure of more than 8,000 people is the maximum number of people that potentially could have been affected, which is the standard set for reporting a data breach to the federal government.

“The standard is very high, so you have to reach out to anyone who in any way may have had any information at risk,” Tepper Bates said. “That's the number of people who had interaction with this program and who may have been in this staff email inbox, or any reference to them may have been in there, so that's a very cautious maximal number.”

She said the staff is investigating the incident with the help of an outside company and legal counsel and is in the process of mailing letters to anyone who may have been affected.

She added that anyone affected will be offered free credit monitoring.

UConn Health, meanwhile, posted a “Notice of a Data Incident” on its website about its breach. The notice states that on June 14, the organization discovered “suspicious activity in a single UConn Health email account” and “promptly took steps to further secure the account.”

The organization then began an internal investigation, while also hiring a forensic security firm to assist, it said.

The investigation determined that an “unknown, unauthorized third party accessed the email account for a short period of time on June 14, 2024,” the notice states. “The investigation also determined that the third party may have accessed and acquired certain emails from the account during this period.”

Subsequently, on Aug. 7, UConn Health said, it determined that the email account contained personal information including, “depending on the individual, their name, date of birth, Social Security number, driver’s license number, financial account number, medical treatment/diagnosis information, prescriptions, and.or health insurance information.”

UConn Health said it began mailing notification letters to affected individuals on Aug. 13. The mailed notice includes information that affected individuals can use to protect themselves, the organization said.

UConn Health did not immediately respond to a request for comment.

Sign up for Enews

Related Content

0 Comments

Order a PDF