UNM Health found out that an unauthorized third party acquired access to its system and possibly viewed and copied files from that included patients’ protected health information (PHI). The healthcare provider discovered the security incident on June 4, 2021 and immediately launched an investigation to determine the extent of the breach.
UNM Health confirmed that the unauthorized third party accessed its systems on May 2, 2021 along with files that contain the PHI of its patients. The PHI of patients of UNM Hospital, UNM Sandoval Regional Medical Center Inc. and UNM Medical Group, Inc. was likewise possibly exposed.
A thorough evaluation of all files on the breached segments of its system was done and it was affirmed they included data like names, addresses, birth dates, patient identification numbers, medical record numbers, health insurance data, and certain clinical data associated with the healthcare services offered by UNM Health. A limited number of patients’ Social Security numbers were likewise possibly exposed in the breach. UNM Health stated the breach did not affect its medical record systems.
On August 3, 2021, UNM Health began mailing breach notification letters to all people possibly impacted by the breach. Free credit monitoring and identity theft protection services were provided to all people who had their Social Security number exposed.
UNM Health did not make known the specific nature of the security breach, however, stated it has put in place extra procedures to enhance its system’s security to avoid identical attacks later on and has additionally given training to its employees regarding data security.
UNM submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights, which indicated around 637,252 patients were impacted by the breach. This incident is considered the 19th biggest healthcare data breach reported to date this year. It is also the biggest ever breach reported by a New Mexico healthcare company.