Privacy and Breach Alerts

UPMC Susquehanna has notified 1,200 patients treated at various UPMC Susquehanna locations that their personal information may have been inappropriately accessed.

“We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected,” said David Samar, UPMC Susquehanna’s privacy officer. “UPMC is committed to meeting our patients’ privacy expectations. We cannot confirm if any of the information was used for improper purposes, but out of an abundance of caution we deemed it appropriate to inform those possibly affected by this breach.”

The breach was discovered on September 21, 2017, when an employee reported suspicious activity to the information technology staff. As a result of UPMC Susquehanna’s internal investigation, it is believed that through a phishing attack the information — including patients’ names, dates of birth, contact information and Social Security numbers — may have been accessed.

UPMC Susquehanna has notified the U.S. Department of Health and Human Services as required by the federal Health Insurance Portability and Accountability Act (HIPAA) that the information may have been accessed.

UPMC Susquehanna has sent letters notifying all of the patients affected.

The health system has provided patients with information on how to place a fraud alert in their files with the three major credit-reporting companies, and has supplied them with links to access identity protection resources available through the Federal Trade Commission. UPMC Susquehanna has also set up a toll-free telephone line with representatives who can answer questions from these patients and respond to any concerns.

UPMC Susquehanna took immediate corrective action with the staff members involved, including intensive re-training on the applicable policies and laws. In addition, UPMC Susquehanna has completed a comprehensive review of current procedures for keeping patient information secure. Current procedures include a combination of staff education, employment screening and other industry best practices. UPMC Susquehanna requires every staff member to participate in privacy/confidentiality annual education.

“We are committed to keeping patient information secure and strives to continually implement improvements to prevent such an incident from happening again,” Samar said.

Patients who have any questions or concerns are welcome to contact UPMC at 800-994-5697.​

UPMC | Affiliated with the University of Pittsburgh Schools of the Health Sciences | Supplemental content provided by Healthwise, Incorporated. To learn more, visit www.healthwise.org

For help in finding a doctor or health service that suits your needs, call the UPMC Referral Service at 412-647-UPMC (8762) or 1-800-533-UPMC (8762). Select option 1.

UPMC is an equal opportunity employer. UPMC policy prohibits discrimination or harassment on the basis of race, color, religion, ancestry, national origin, age, sex, genetics, sexual orientation, gender identity, marital status, familial status, disability, veteran status, or any other legally protected group status. Further, UPMC will continue to support and promote equal employment opportunity, human dignity, and racial, ethnic, and cultural diversity. This policy applies to admissions, employment, and access to and treatment in UPMC programs and activities. This commitment is made by UPMC in accordance with federal, state, and/or local laws and regulations.

Medical information made available on UPMC.com is not intended to be used as a substitute for professional medical advice, diagnosis, or treatment. You should not rely entirely on this information for your health care needs. Ask your own doctor or health care provider any specific medical questions that you have. Further, UPMC.com is not a tool to be used in the case of an emergency. If an emergency arises, you should seek appropriate emergency medical services.

UPMC
Pittsburgh, PA, USA | UPMC.com