Wednesday, February 26, 2025, 1:04AM |  45°
MENU
Advertisement
UPMC alerted the Department of Health and Human Services of the breach on July 2, federal records show.
1
MORE

Misdirected email faulted in data breach affecting hundreds of UPMC insurance customers

Post-Gazette

Misdirected email faulted in data breach affecting hundreds of UPMC insurance customers

UPMC Health Plan blamed a misfired email message for the release of personal information about 722 members.

The email meant for a physician's office in Lawrence County was sent instead to an incorrect address, revealing patient names, insurance membership numbers, birth dates and phone numbers, the Downtown-based insurer said today. It first confirmed the breach to the Post-Gazette on Tuesday.

Members' insurance plan types and primary-care physician offices also appeared in the email, although it did not include Social Security numbers or information about medical histories, according to UPMC Health Plan. The company said it discovered the problem June 4, sent an advisory letter to affected customers and told authorities as required by law.

Advertisement

"We apologize for any anxiety or inconvenience that this incident may cause our members. Based on our ongoing investigation, we will make all changes necessary to further enhance our already-stringent privacy protections," chief compliance officer William Gedman said in a statement.

Because Highmark will buy the services in bulk, it expects to get them at a discount, which should help contain any impact on prices for policies, according to the company.
Adam Smeltz
Blue Cross Blue Shield rolls out new identity protections

The company alerted the Department of Health and Human Services on July 2, federal records show. It wasn't immediately clear who received the email or how the recipient handled the data, but UPMC Health Plan said that party "was contacted."

Affected members with questions can call (888) 876-3764, the company said.

More than two dozen significant breaches of patient data have struck Pennsylvania health insurers, care providers and other entities over the last three years, according to HHS. Each of those involved at least 500 people.

Advertisement

Adam Smeltz: asmeltz@post-gazette.com, 412-263-2625 or on Twitter @asmeltz

First Published: July 15, 2015, 3:01 p.m.

RELATED
Rich Lord
UPMC Health Plan customers affected by data breach
SHOW COMMENTS (0)  
Join the Conversation
Commenting policy | How to Report Abuse
If you would like your comment to be considered for a published letter to the editor, please send it to letters@post-gazette.com. Letters must be under 250 words and may be edited for length and clarity.
Partners
Advertisement
The two Franks worked with pizza legends Chris Bianco and Chad Robertson to perfect their craft.
1
life
A beloved pizzeria is expanding beyond Brooklyn. First stop, Mt. Lebanon.
Students at Penn State Fayette, the Eberly Campus in Lemont Furnace, walk to class on Tuesday, Feb. 4, 2025.
2
news
Penn State to close some commonwealth campuses, President Bendapudi announces
Penn State president Neeli Bendapudi spoke during a dedication ceremony for the newly renamed Franco Harris Pittsburgh Center at Penn State, located in Uptown on Tuesday, Dec. 12, 2023.
3
news
Penn State Faculty Senate tables vote of no confidence in President Bendapudi
Pittsburgh Pirates starting pitcher Jared Jones (37) delivers during the first inning of a spring training baseball game against the Atlanta Braves, Tuesday, Feb. 25, 2025, in Bradenton, Fla.
4
sports
3 takeaways as Pirates suffer 1st loss of spring training to Braves
Ireland Brown is charged with assault, hindering apprehension, tampering with evidence and for the conduct of others in connection with what police have called a seemingly unprovoked attack on 53-year-old Preston Coleman at an Aliquippa VFW on Jan. 5. Investigators alleged that while Ms. Brown did not participate in the assault, she did nothing to intervene for the 30 minutes that it went on.
5
news
Lawsuit filed against Aliquippa VFW where ‘brutal’ assault occurred
UPMC alerted the Department of Health and Human Services of the breach on July 2, federal records show.  (Post-Gazette)
Post-Gazette
Advertisement
LATEST business
Advertisement
TOP
Email a Story