Eight months after data breach, UMass Amherst finally notifies affected patients

A malware infection of a hard drive at the University of Massachusetts Amherst that occurred last June, but wasn't discovered until October, resulted in a breach of health information for 942 University Health Services patients, Health Data Management reports. While entities are required to notify those affected in such situations within 60 days, the University waited until this week to begin notifying the patients, assuming that their 60-day window did not begin until Feb. 1, when their investigation of the matter ended. Among the data at risk is patient and insurer names, medical record numbers, medications and physician names. Article