DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Central Utah Clinic reports server containing 31,677 patients' information was breached in 2012

Posted on September 10, 2014 by Dissent

On August 7, Central Utah Clinic, P.C. posted a breach notification on their web site:

PUBLIC NOTICE: Potential Central Utah Clinic HIPAA Breach

PROVO, Utah. (Aug. 7, 2014) — Central Utah Clinic is committed to the protection of patient privacy and is notifying 31,677 patients, by letter, of a potential personal health information breach.

On June 9, 2014, Central Utah Clinic IT professionals discovered unauthorized individuals had compromised one of their servers. Each month, Central Utah Clinic successfully defends against numerous cybercriminal attacks. However, during this particular targeted attack, Central Utah Clinic security measures were circumvented.

Following discovery of the compromise, the server was isolated to prevent further risk of unauthorized information disclosure. A thorough forensic investigation found no evidence that personal information was viewed or copied from the server to an unauthorized location. Additionally, there is no indication that any of the other 100+ Central Utah Clinic servers were compromised.

The accessed server was not a complete database of patient information, but rather a limited subset of written imaging and radiology reports dated 2010 and earlier. The accessed server did store data on some individuals containing patient information with one or more of the following fields: name, date of birth, Social Security number, address and phone number.

“Protecting our patients’ information from exposure of any kind beyond what is needed for treatment, and particularly from cybercriminal activity, is a key focus at Central Utah Clinic, and we take full responsibility for this incident,” said Scott Barlow, CEO of Central Utah Clinic. “These attacks are an unfortunate aspect of information technology and modern healthcare is not immune from this. It is important to understand there is no indication that any of our patients’ personal information was viewed or copied. Regardless, we are committed to transparency and working with our patients to mitigate possible effects of this occurrence.”

Central Utah Clinic contacted appropriate regulatory authorities and has taken additional steps to safeguard patient information, including partnering with an advanced technology security firm and offering complimentary personal credit monitoring services to patients involved in the potential breach.

Involved parties are being contacted by mail. Individuals who believe their information may have been involved or who need additional information should contact Central Utah Clinic toll-free at 1-844-714-0284.

About Central Utah Clinic: Comprised of more than 170 physicians, Central Utah Clinic is the largest independent, physician-owned, multi-specialty practice in Utah. Based in Provo, UT, Central Utah Clinic provides care in 25+ specialties with many primary care and specialty providers located throughout the state.

Although not mentioned in their press release, Central Utah Clinic reported to HHS that the breach occurred on October 9, 2012 and continued until June 21, 2014.

No related posts.

Category: Uncategorized

Post navigation

← Administrative law judge denies LabMD's motion to sanction FTC
Security lapse by Diamond Computing exposed Diatherix patients' information on the Internet for 22 months →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked
  • Hunters International to provide free decryptors for all victims as they shut down (2)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t
  • Oregon Amends Its Comprehensive Privacy Statute

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.