MU Health reports data breach

COLUMBIA, Mo. (KMIZ)

University of Missouri Health Care said Thursday that it has notified patients affected by a September data breach.

The organization said in a news release that it finished those notifications May 5. The stolen information might have included names, birth dates, medical record numbers, health insurance information and "limited treatment and/or clinical information," according to the release.

Some patients' Social Security numbers were also compromised, MU Health said.

MU Health says it launched the investigation after learning Sept. 21 that someone might have accessed some email accounts of MU students affiliated with MU Health. The students had created accounts on a third-party service using the same user names and passwords they used for their MU accounts and the third-party site was breached, MU Health says.

"The unrelated third-party experienced a breach of its accounts, and the unauthorized individual(s) took advantage of the situation and may have used the stolen credentials from the third-party to access the students’ university email accounts," according to the news release.

The breach only affected patients whose information was contained in those emails, according to the release.

In August, MU Health reported a separate security breach which affected the information of 14,400 patients. The breach happened in April 2019.