"UPMC Susquehanna has notified 1,200 patients treated at various UPMC Susquehanna locations that their personal information — including names, dates of birth, contact information and Social Security numbers — may have been inappropriately accessed.
In a release sent out Friday morning, UPMC Susquehanna privacy officer David Samar said health care system apologized for the breach. “We apologize for any concern or inconvenience that this may cause for our patients. I want to stress that patient care was never affected. UPMC is committed to meeting our patients’ privacy expectations. We cannot confirm if any of the information was used for improper purposes, but out of an abundance of caution we deemed it appropriate to inform those possibly affected by this breach.”
The breach was discovered on Sept. 21, when an employee reported suspicious activity to the information technology staff. As a result of UPMC Susquehanna’s internal investigation, it is believed that through a phishing attack the information may have been accessed."