UAB Medicine

UAB Medicine, also known by itsalias, is a medical center headquartered in the United States of America. As a medical center, its primary function is the delivery of healthcare services to patients, which includes clinical care, diagnostics, and treatment. In the course of providing these services, the organization routinely collects, stores, and transmits protected health information such as names, birth dates, diagnoses, treatment details, and Social Security numbers. The handling of this sensitive data places UAB Medicine under federal privacy requirements that govern the protection of personal health information. While the organization's exact patient volume or geographic reach is not disclosed in the available sources, its headquarters location confirms its operation within the United States. The scale of its data stewardship was highlighted in a 2019 incident that exposed the personal information of nearly 20,000 individuals.

On August 7, 2019, a phishing campaign targeted UAB Medicine by sending fraudulent emails that impersonated an executive of the organization. Employees who responded to these messages inadvertently disclosed their login credentials, granting attackers access to the payroll department's email accounts. Those email accounts contained protected health information, allowing the intruders to view names, birth dates, diagnoses, treatment details, and some Social Security numbers of patients. Although the attackers were unable to redirect payroll payments, the breach resulted in the exposure of sensitive data for close to 20,000 people. Upon discovery, UAB Medicine notified the affected individuals about the compromise and offered guidance on protecting their personal information. In response to the incident, the organization strengthened its employee cybersecurity training programs to raise awareness of phishing threats. Additionally, it implemented multifactor authentication for email accounts to add an extra layer of security against credential theft. The event underscores the ongoing challenge healthcare organizations face in safeguarding protected health information against social engineering attacks. No further details about subsequent incidents or long‑term changes beyond those described are provided in the source material. Consequently, the profile of UAB Medicine is defined by its role as a healthcare provider that manages substantial volumes of sensitive patient data and has taken concrete steps to improve its cybersecurity posture after the 2019 breach.