More than 36,000 UPMC patients may have had personal data accessed due to security breach

This browser does not support the video element.

PITTSBURGH — More than 36,000 UPMC patients may have had some of their personal data “inappropriately accessed” after a data breach at a company providing billing-related legal services.

A news release said officials with Charles J. Hilton & Associates noted suspicious activity affecting its employee email system in June last year. In late July, the investigation found a number of staff email accounts had been logged into by hackers from April 1 to June 25. Computer forensics investigators took over, confirming to UPMC in December that some patient information may have been accessed during the information security breach.

“While there is no evidence that this data was misused, CJH and UPMC are alerting affecting patients through personal letters and public notification,” the news release said.

The information accessed includes Social Security numbers, dates of birth, bank or financial account numbers, driver’s license or state identification card numbers, electronic signatures, medical record numbers, patient account numbers, patient control numbers, visit numbers, trip numbers, Medicare or Medicaid identification numbers, individual health insurance or subscriber numbers, group health insurance or subscriber numbers, medical benefits and entitlement information, disability access and accommodation data, and information related to occupational health, diagnoses, symptoms, treatment, prescription or medications, drug tests, billing or claims and/or disabilities.

CJH is offering credit monitoring and identity protection services to anyone impacted by the data breach. If you have questions or concerns, you’re asked to call 888-724-0238.

Patients are asked to monitor their accounts for suspicious activity and report it immediately to their insurance company, health care provider, bank or credit card company.

This browser does not support the video element.