UCMC said in a statement that it was "recently the victim of an email security incident" that allowed access to personal information. The university did not say how many people were impacted.
UCMC said between January 4 and January 30, there was unauthorized access to email accounts of "small number of UCMC workers." The university said it learned of the incident on January 6 and worked to secure the emails and stop the access. Officials said they also began an investigation into the breach with the help of a cybersecurity group.
UCMC said they determined on March 28 that personal information was "available in at least one of the affected email accounts."
The university said the information obtained from the accounts included first and last names, date of birth, social security numbers, passport numbers, driver's license or ID numbers, financial information including credit or debit card numbers and PIN codes, and patient information including patient ID numbers, hospital account record numbers, health insurance information, health information about diagnoses and treatments, and prescription information.
UCMC said patients, their family members and others who received services from the hospital were impacted by the breach.
People directly impacted are being contacted on an individual basis, the university said. Officials are advising employees and patients to monitor their account statements and credit reports, as well as official communications from healthcare providers to make sure services you are being billed for are accurate.