On 4/11/22, UPMC became aware our patients' protected health information may have been inappropriately accessed. Through investigation, UPMC determined that Protected Health Information was inappropriately accessed as a result of an employee inappropriately accessing UPMC medical records without a UPMC business need.
The potentially accessed information varies by individual, but may include first and last names, dates of birth, diagnosis, medications, medical treatment information, and financial account information. Social Security Numbers were not involved in this incident.
Information privacy and security are among the highest priorities at UPMC. As such, we immediately took steps to mitigate any negative impact of the breach including ensuring that no further access by employee occurred. As a result of this issue, and to avoid future issues, UPMC has taken the following steps:
UPMC has mitigated the risk of potential negative outcomes resulting from this breach to the best of our ability. For more information related to this breach, please reach out to the Office of Patient & Consumer Privacy by calling 412-647-5757 or emailing email@example.com.