DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Central Utah Clinic reports server containing 31,677 patients' information was breached in 2012

Posted on September 10, 2014 by Dissent

On August 7, Central Utah Clinic, P.C. posted a breach notification on their web site:

PUBLIC NOTICE: Potential Central Utah Clinic HIPAA Breach

PROVO, Utah. (Aug. 7, 2014) — Central Utah Clinic is committed to the protection of patient privacy and is notifying 31,677 patients, by letter, of a potential personal health information breach.

On June 9, 2014, Central Utah Clinic IT professionals discovered unauthorized individuals had compromised one of their servers. Each month, Central Utah Clinic successfully defends against numerous cybercriminal attacks. However, during this particular targeted attack, Central Utah Clinic security measures were circumvented.

Following discovery of the compromise, the server was isolated to prevent further risk of unauthorized information disclosure. A thorough forensic investigation found no evidence that personal information was viewed or copied from the server to an unauthorized location. Additionally, there is no indication that any of the other 100+ Central Utah Clinic servers were compromised.

The accessed server was not a complete database of patient information, but rather a limited subset of written imaging and radiology reports dated 2010 and earlier. The accessed server did store data on some individuals containing patient information with one or more of the following fields: name, date of birth, Social Security number, address and phone number.

“Protecting our patients’ information from exposure of any kind beyond what is needed for treatment, and particularly from cybercriminal activity, is a key focus at Central Utah Clinic, and we take full responsibility for this incident,” said Scott Barlow, CEO of Central Utah Clinic. “These attacks are an unfortunate aspect of information technology and modern healthcare is not immune from this. It is important to understand there is no indication that any of our patients’ personal information was viewed or copied. Regardless, we are committed to transparency and working with our patients to mitigate possible effects of this occurrence.”

Central Utah Clinic contacted appropriate regulatory authorities and has taken additional steps to safeguard patient information, including partnering with an advanced technology security firm and offering complimentary personal credit monitoring services to patients involved in the potential breach.

Involved parties are being contacted by mail. Individuals who believe their information may have been involved or who need additional information should contact Central Utah Clinic toll-free at 1-844-714-0284.

About Central Utah Clinic: Comprised of more than 170 physicians, Central Utah Clinic is the largest independent, physician-owned, multi-specialty practice in Utah. Based in Provo, UT, Central Utah Clinic provides care in 25+ specialties with many primary care and specialty providers located throughout the state.

Although not mentioned in their press release, Central Utah Clinic reported to HHS that the breach occurred on October 9, 2012 and continued until June 21, 2014.

Category: Uncategorized

Post navigation

← Administrative law judge denies LabMD's motion to sanction FTC
Security lapse by Diamond Computing exposed Diatherix patients' information on the Internet for 22 months →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.