UHS of Delaware, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

UHS of Delaware, Inc., a healthcare system based in King of Prussia, Pennsylvania, experienced a significant data breach in early 2023, affecting patient information across its network. The breach was linked to a cyberattack on a vendor associated with UHS of Delaware, leading to unauthorized access to sensitive patient data. This incident underscores the growing cybersecurity threats faced by healthcare providers, which hold vast amounts of personal and medical information.
Overview of the Breach

On January 18, 2023, a vendor of UHS of Delaware detected suspicious activity within its computer system, which was later identified as a successful email phishing attack. This breach allowed unauthorized access to emails and attachments, including sensitive consumer data such as full names, patient account numbers, medical record numbers, admission and discharge dates, status of diagnoses, and associated billing amounts

Impact and Response

The breach affected over 130,000 patients, including their Social Security numbers, primarily in Texas, but given UHS of Delaware’s extensive network of over 400 facilities nationwide, patients across the country could potentially be impacted

In response, UHS of Delaware began sending out data breach notification letters to all individuals whose information was compromised. The company also offered free credit monitoring to victims, although it was suggested that one year of credit monitoring might not be sufficient to protect against the risks of a data breach

Legal and Regulatory Implications

The breach at UHS of Delaware, Inc. has drawn attention to the legal and regulatory challenges facing healthcare providers in the wake of cyberattacks. Healthcare providers are among the most frequently targeted organizations due to the sensitive nature of the information they hold. The incident has led to investigations and potential legal actions from affected patients, emphasizing the need for robust cybersecurity measures and compliance with data protection laws

Breach Submission Date Mar 29, 2023
Converted Entity Name UHS of Delaware, Inc.
Converted Entity Type Business Associate
State PA
Individuals Affected 40,290
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes