BreachExchange mailing list archives
10, 000 patients affected by data breach at University of Utah Health
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 30 Jul 2020 08:53:53 -0500
https://kutv.com/news/local/information-of-10000-patients-affected-by-data-breach-at-university-of-utah-health SALT LAKE CITY (KUTV) — Approximately 10,000 patients' information was affected by a data breach at the University of Utah Health, according to the U.S. Department of Health and Human Services. The department states information about the breach was processed on Monday, July 20. The health system stated in a press release on June 5 that a breach occurred between April 6 and May 22. A hacker gained unauthorized access to some of the U of U health employees’ email accounts as part of a phishing scheme. In the press release, the U did not specify how many employees were affected. At least 10,000 patients' information has been affected by a data breach at the University of Utah Health, according to the U.S. Department of Health and Human Services. (Photo: KUTV) The phishing scheme was sent to employees' email accounts and at least one employee responded to it, believing the email to be a legitimate request. After learning about the incident, email accounts were secured and the health system opened an investigation. Patient information including names, dates of birth, medical record numbers and limited clinical information was in the email accounts, and may have been exposed. Spokespeople for U of U Health say the breach was reported by the U in June, but it was reported by HHS in July. "The 10,000 was an estimate at that time. We still haven’t finished the full investigation and the number could be smaller," Kathy Wilets, a spokesperson for U of U Health, stated in an email to 2News. U of U health notified patients earlier this year of a similar attack and "since that time has been working to implement enterprise-wide security enhancements, including expanded use of multi-factor authentication," according to a press release. Patients with questions may call 1-844-994-2107, Monday through Friday 7 a.m. to 4:30 p.m. MT. To review ways to secure your account with the health system, click here. Students, faculty and staff at the University of Utah were informed of another data breach on Wednesday. The following statement, in part, said: "On Sunday, July 19, 2020 computing servers in a college at the University of experienced a security incident. The university has notified appropriate law enforcement entities and the U's Information Security Office (ISO) is actively investigating the matter. As a precautionary measure, on July 29, 2020, students, staff and faculty at the U were directed to change their university passwords under certain conditions. The university cannot offer further details on the nature of this incident or the scope of its ramifications, pending the conclusion of the active investigation. In the meantime, the university is working to protect the data of its faculty, staff, and students and identify steps to further strengthen IT security." This second breach was not related to patients at U of U Health. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- 10, 000 patients affected by data breach at University of Utah Health Destry Winant (Jul 30)