The University of Miami has notified individuals whose personal health information was involved in an incident involving an employee.
In June 2025, the University of Miami identified that an employee had viewed over 2,000 patient records between September 2022 and May 2025 without a legitimate business or clinical purpose. The University determined that the data viewed varied by patient but may have included elements such as first and last name, date of birth, medical record number, provider name, diagnosis/condition, insurance information, and vaccination status. It’s important to note that no financial information, including Social Security numbers or credit data, was viewed during this incident.
The employee was terminated and the University is collaborating with law enforcement to pursue any necessary actions against the terminated employee. The University engaged Kroll, Inc. to send notifications by postal mail to all patients involved in this incident.
Additionally, the University is continuing to work with cybersecurity experts to gather evidence, enhance our security measures and update our procedure practices to safeguard health information. The University of Miami is committed to data protection and regrets any inconvenience or concern this incident may have caused.
If you have not received a notification letter but think you may have been impacted by this incident, please call 305-243-5000, Monday – Friday, 9:00 a.m. to 6:30 p.m. Eastern Time, excluding major U.S. holidays, to learn whether your information was involved.