By HFT Staff

The University of North Carolina at Chapel Hill School of Medicine (SOM) and The University of North Carolina Hospitals (UNC Hospitals) announced that they are mailing letters to some individuals whose information may have been involved in a recent email security breach. 

On February 1, 2024, a University School of Medicine (SOM) user fell victim to a social engineering attack by clicking on a malicious phishing hyperlink received from a known and trusted contact. The threat actor misled the user into sharing the user’s multi-factor authentication code allowing the threat actor to access the user’s university email account. 

Related: UC San Diego Health Experiences Phishing Attack

After the university discovered the incident on February 2, 2024, the university secured the impacted email account, began an investigation, and retained a cyber security firm to assist in the investigation. This investigation confirmed that the unauthorized access was resolved within 24 hours of compromise. UNC Hospitals / UNC SOM has no indication that any other University, School of Medicine, or UNC Hospitals’ user email accounts or patient information systems were involved or accessed. 

On April 2, 2024, the university and UNC Hospitals began mailing letters to impacted individuals whose information may have been involved in this incident and established a call center to answer individuals’ questions.  

To date, UNC Hospitals and the university have no indication that any personally identifiable information has been misused. However, the University is offering 12-months of credit monitoring services to all impacted individuals whose driver’s license number, Social Security number, financial account information or health insurance identification number was potentially in scope.