The Urology Center of Colorado ('TUCC') notified, on 5 November 2021, the U.S. Department of Health and Human Services' ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 137,820 individuals. In particular, TUCC outlined that their investigation determined that an individual accessed their network for a brief period of time between 7 September and 8 September 2021. In addition, TUCC noted that although they have no evidence to suggest actual or attempted misuse of information as a result of this incident, they are notifying individuals with information contained within the network. Moreover, TUCC highlighted that the type of information varies by individual, but includes name and one or more of the following data elements: date of birth, social security number, address, phone number, email address, medical record number, diagnosis, treating physician, insurance provider, treatment cost, and/or guarantor name.

Furthermore, TUCC noted that upon discovering this incident, they reset account passwords and implemented additional security measures to further protect information. Lastly, TUCC highlighted that they are also providing potentially impacted individuals with access to credit monitoring and identity protection services as an added precaution.

You can read TUCC's notice here and access the OCR breach notification here.