University of Minnesota Physicians & McLeod Health Experience Email Account Breaches

by | Dec 7, 2020

University of Minnesota Physicians has been hit by a cybercriminal attack that result in access being gained to the email accounts of two members of staff. One corporate email account was rendered accessible from the time period between January 30 and January 31, 2020 and again on February 4, 2020.

After identifying the breach moves were swiftly put in place to safeguard the relevant email accounts. A team of cybersecurity specialist were contracted to ascertain the damage caused by the attack. Thankfully, nothing was discovered to suggest that emails on the server had been accessed or that private patient data had been illegally obtained, However it is not possible to completely eliminate that potential for data being accessed illegally.

After a further review of the impacted accounts showed that were holding the protected health information of specific patients. The range of data in the accounts varied greatly and may have included:

  • Names
  • Addresses
  • Birth and death dates
  • Contact details
  • Account numbers
  • Credit card information
  • Health insurance information

A small amount of those impacted also had their Social Security number stolen.

On March 30, 2020 notification letters were issued to impacted people. Now the breach investigation has been officially finished. Since the breach was discovered the University has introduced new security measures and conducted more security training for staff members. Additionally, impacted individuals have been provided with one year  of free credit monitoring and identity theft protection services through provider Kroll. It has been estimated that 683 individuals have been affected by the breach.

Meanwhile, South Carolina-based Mcleod Health has identified a HIPAA breach involving the infiltration of a staff email account which was accessed by unauthorized person. There was identification of suspicious email account activity on June 23, 2020. Following this the email account was immediately made secure.

An in-depth forensic investigation was completed to ascertain the extent of the the breach. This showed that the staff email account was infiltrated at some point between April 13, 2020 and April 16, 2020. On August 19, 2020, McLeod Health deduced that the determined the content of the email account had been stolen by a cybercriminal during that month.

Currently, McLeod Health is completing an investigation of the breached email account to see what range of information has been stolen by the hacker and which patients have been impacted. Alerts will be sent to those impacted when the review comes to an end.

Multi-factor authentication had previously been implemented by McLeod Health to stop impacted details from being used to obtain access to email accounts; however, some internal configuration had stopped it from being used on some devices. This is not being remedied and new security awareness training is being conducted for some members of staff.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy