AMHERST, Mass. – The University of Massachusetts Amherst is notifying clients of the university’s Center for Language, Speech, and Hearing that their protected health information was possibly revealed after a workstation was inadvertently infected with a malware program.
The malware infection was detected on April 5, 2013. A subsequent investigation by the university’s Office of Information Technologies found no evidence suggesting or indicating that any data was copied from the workstation. The data includes Social Security numbers, addresses, names, dates of birth, health insurance company names or names of other payee, insurance numbers, primary health care or referring physicians, and diagnoses and procedure codes.
A total of 1,670 patient records were affected. University officials, while stressing that the risk of theft of this information is low, are notifying individuals in accordance with federal The Health Information Technology for Economic and Clinical Health Act (HITECH).
The Center for Language, Speech, and Hearing offers a range of clinical services for individuals with communication disorders, differences or delays. It is managed by the university’s Department of Communication Disorders, which is part of the School of Public Health and Health Sciences.
In a letter to the affected patients, Dan Gerber, associate Dean of the School of Public Health and Health Sciences, advises them to pay particular attention to “any unusual activity with respect to your health insurance information to limit the likelihood of misuse of PHI [protected health information].”
The letter notes that UMass Amherst has taken steps to improve the support and security for all workstations located in the center, installed automated software to detect malicious activity, and identified files in departmental computers containing personal information. In addition, current and new staff will receive additional training in security practices.