From The Trussville Tribune staff reports
BIRMINGHAM — UAB Medicine announced on Friday that over 19,000 patients might have had personal information exposed to hackers after a cyberattack was discovered in August.
A news release said hackers got into the records through a malicious email that fooled employees who gave up their usernames and passwords. The hackers were then able to access the payroll system but were unable to transfer payroll deposits.
“The investigation revealed the cybercriminals were attempting to divert employees’ automatic payroll deposits to an account controlled by the hackers,” the release said. “UAB Medicine prevented all attempts by the hackers to re-direct payroll deposits. There is no evidence the hackers were looking for, accessed or stole any protected health information contained in the compromised accounts. However, limited amounts of protected health information could have been viewed by the hackers while they had access to the affected email accounts.”
The attack looked like a request from an executive who wanted employees to fill out a survey.
UAB Medicine said it was notifying 19,557 patients who had information exposed. Anyone whose Social Security number was vulnerable had already been notified, officials said.
The university encourages people to check credit reports in an effort to spot suspicious activity. Any person affected by the attack will have free credit monitoring available for up to a year. Affected patients can call 877-594-0950 for more information.