USA: UMC notifies OCR of data breach
University Medical Center Southern Nevada ('UMC') notified, on 13 August 2021, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 1,300,000 individuals. In particular, UMC noted that it has no evidence to date that cybercriminals accessed any clinical systems, including those interfaced with the hospital's electronic health records. However, UMC highlighted that certain files on network servers were compromised, which contained, among other information, personally identifiable information and protected health information. Furthermore, UMC detailed that information about affected individuals, such as demographic information, clinical information, or financial information may have been included in the compromised files.
As a response to the incident, UMC noted that it had informed the relevant authorities, is engaged in a number of security initiatives and is providing complimentary identity protection services for those affected by this cyberattack.