FARMINGTON, CT — Nearly three months after discovering a data breach, the University of Connecticut Health Center announced the breach to the public.
In a statement on its website, UConn Health Center said “that an unauthorized third party illegally accessed a limited number of employee email accounts. Upon learning of the incident, we immediately took action, including securing the impacted accounts to prevent further unauthorized access and confirming the security of our email system.”
Some of the emails that were illegally accessed included individuals’ names, dates of birth, addresses and limited medical information, such as billing and appointment information.
UConn Health identified 326,000 potentially impacted individuals. Social Security numbers were only included in communications related to 1,500 of those individuals.
UConn Health said it is offering free identity theft protection services to individuals whose Social Security numbers may be impacted.
The university discovered the breach on Dec. 24, 2018 and notified law enforcement and then retained a forensic security firm to investigate.
On Friday it released a statement on its website saying that it contacted “potentially impacted individuals for whom we have a valid mailing address.”