UNC Hospitals and School of Medicine in Chapel Hill, N.C., informed patients of a data breach exposing personal health information earlier this year.
In an April 2 news release, UNC Hospitals said a team member at the school of medicine clicked on a malicious phishing hyperlink they had received from a "known and trusted contact." The attacker then convinced the user to share multi-factor authentication codes to access the user's university email account.
The incident occurred Feb. 1 and the university identified the issue Feb. 2, resolving unauthorized access within 24 hours. Some patient information was present in the hacked email account.
UNC Hospitals and School of Medicine is installing additional email security measures and evaluating internal policies to prevent future issues.