University of Missouri Health Care

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The University of Missouri Health Care (MU Health Care) experienced a significant data breach that was disclosed in May 2023. This breach involved the unauthorized access of patient electronic health records (EHRs) by a workforce member. The investigation into this incident revealed that the employee accessed 736 medical records between July 2021 and March 2023 without a verified Health Insurance Portability and Accountability Act (HIPAA) purpose. The compromised data included patient names, dates of birth, medical record numbers, and limited treatment and clinical information, such as diagnostic and/or procedure information. MU Health Care has stated that there is no indication that the accessed information was misused or re-disclosed. In response to the breach, MU Health Care has begun notifying affected individuals and has taken steps to prevent similar incidents in the future, including workforce education on appropriate access to patient information[1][6][9].

Additionally, the University of Missouri System, including MU Health Care, was impacted by a global data breach involving MOVEit, a file transfer software used by numerous organizations worldwide. This breach, reported in the summer of 2023, compromised personal information of some employees and students, potentially including names, birth dates, and Social Security numbers. The breach affected outside vendors used by the university for enrollment and pension processes, specifically Pension Benefit Information, LLC (PBI), and the National Student Clearinghouse. The University of Missouri System has launched an investigation to determine the extent of the impact and is notifying individuals who may have been affected. Measures recommended to protect personal information include checking credit reports annually, considering a credit freeze, and being cautious of suspicious emails[3][7][8][12].

These incidents highlight the ongoing challenges institutions face in protecting sensitive personal and health information from unauthorized access and cyberattacks.

Citations:

  1. https://www.komu.com/news/midmissourinews/mu-health-care-reveals-patient-data-breach/article_a596bc83-1297-57d2-a2ea-4820c7ef7945.html
  2. https://www.idstrong.com/sentinel/missouris-medicaid-program-hit-by-data-breach/
  3. https://www.komu.com/news/midmissourinews/um-system-employee-student-personal-information-impacted-in-global-data-breach/article_8a4bd316-3c41-11ee-9581-c35aeb962943.html
  4. https://awsmithlaw.com/university-of-missouri-hospital-data-breach-class-action-claims/
  5. https://www.govtech.com/security/missouri-grapples-with-medical-records-data-breach
  6. https://www.beckershospitalreview.com/cybersecurity/mu-health-care-says-snooping-employee-accessed-ehrs.html
  7. https://news.yahoo.com/university-missouri-system-data-breach-204451990.html
  8. https://fox2now.com/news/missouri/university-of-missouri-system-data-breach-impacts-thousands-investigation-launched/
  9. https://abc17news.com/news/columbia/2023/05/18/mu-health-care-warns-of-data-breach-more-than-700-medical-records-accessed-by-employee/
  10. https://www.columbiamissourian.com/news/local/mu-health-care-reveals-patient-data-breach/article_c2d5c576-f591-11ed-aee2-efef162ff5ba.html
  11. https://www.stltoday.com/news/local/government-politics/missouri-grappling-with-effects-of-data-breach-of-medical-records-student-info/article_f1b408ee-3d12-11ee-8fe0-3f77125c5beb.html
  12. https://www.umsystem.edu/ums/news/news_releases/202308161858672516_news
Breach Submission Date May 17, 2023
Converted Entity Name University of Missouri Health Care
Converted Entity Type Healthcare Provider
State MO
Individuals Affected 736
Breach Type Unauthorized Access/Disclosure

Breach Information Location Electronic Medical Record

Business Associate Present Yes