In what's becoming an all-too-common tale of digital security breaches, the University of Minnesota's Department of Orthodontics recently fell victim to a clever phishing campaign. According to the information released by the University, the incident occurred on August 9, when an unauthorized individual managed to gain access to a contact list through a compromised email account, subsequently using that to send out phishing emails to the contacts involved.
The breach was rapidly identified on the very day it took place, and the University worked swiftly to shut down the account to prevent any further unwarranted activity. However, what's of particular note is the nature of the information insidiously obtained—names and email addresses of 1,331 patients, which, thankfully, didn't include their statuses as patients, medical treatment details, financial data, or any other sensitive personal information. Still, the potential for this to have been exponentially worse cannot be overlooked—or entirely discounted, given today's digital hazards that we can too readily dismiss as rare occurrences that won’t happen to us.
The action taken immediately furthers the narrative of a quick and coordinated response. "The University of Minnesota Department of Orthodontics notified its contact list informing those contacts to disregard the email and any links or attachments associated with the email," explained the official notification. In a further step to mitigate the incident's aftermath, additional preventative measures have been implemented including bolstered security training to ward off phishing and similar dangers in the future.
Inquiries regarding the breach have their respective channels for further communication: the University has advised media queries to be directed to [email protected], while privacy-related questions from individuals should be sent to [email protected].