UPMC Data Breach Affects More Than 36,000 People

PITTSBURGH (WPXI) — More than 36,000 UPMC patients may have had some of their personal data “inappropriately accessed” after a data breach at a company providing billing-related legal services. A news release said officials with Charles J. Hilton & Associates noted suspicious activity affecting its employee email system in June last year. In late July, the investigation found a number of staff email accounts had been logged into by hackers from April 1 to June 25. Computer forensics investigators took over, confirming to UPMC in December that some patient information may have been accessed during the information security breach. The information accessed includes Social Security numbers, dates of birth, bank or financial account numbers, driver’s license or state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, trip numbers, Medicare or Medicaid identification numbers, individual health insurance or subscriber numbers, group health insurance or subscriber numbers, medical benefits and entitlement information, disability access and accommodation data, and information related to occupational health, diagnoses, symptoms, treatment, prescription or medications, drug tests, billing or claims and/or disabilities.