Statement on Aug. 21 Data Breach

An email with an incorrect attachment that included the personal data of 2,281 University of Mississippi Medical Center students was sent to 190 students at 5:33 p.m. on Wednesday, Aug. 21 via their student accounts.
 
A total of 115 students opened the e-mail, and an undetermined number opened the attachment. The UMMC Department of Information Services was alerted and retracted the emails, an action that started within 50 minutes.

The attachment, a spreadsheet, contained personal information of 2,281 Medical Center students enrolled as of Aug. 21. The personal information of Medical Center residents and fellows was not included. The spreadsheet included names, dates of birth, Social Security numbers, ethnic origin, addresses, insurance information, UMMC school, GPA, credit hours earned, tuition and account balances.

UMMC administrators sincerely apologize for the mistake. The incident is under review and the 115 students who opened the e-mail received a follow-up message Thursday afternoon. All 2,281 people potentially affected will receive an e-mail today, followed by a hard-copy letter, detailing the options open to them through UMMC to further protect their personal information.

The original purpose of the email was to inform the 190 students of the health-care facilities that accept their student health insurance plan.

“The University of Mississippi Medical Center takes privacy and security very seriously and has established policies and procedures to help facilitate compliance with all privacy and security rules. Our institution regrets this incident and will take every action necessary to ensure it does not happen again,” said Carol Denton, UMMC chief integrity and compliance officer.