DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Utah Health notifies patients of phishing attacks that began in January

Posted on March 22, 2020 by Dissent

The University of Utah Health is notifying patients whose protected health information was in some employees’ email accounts after they fell for a phishing attack.

The following is a notice posted on their website March 20th:


We are committed to protecting the confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some patients’ information. This notice explains the incident, measures we have taken, and some steps you can take in response.

From January 22 to February 27, 2020, we became aware that there was unauthorized access to some employees’ email accounts. This unauthorized access occurred between January 7 and February 21, 2020. The unauthorized access occurred as a result of phishing schemes sent to the employees’ email accounts. Phishing is when someone replicates an email from a trusted source and sends it out in hopes of tricking a person and gaining unauthorized access to the email account. We quickly secured the email account, began an investigation, and engaged a cybersecurity firm to assist. Our investigation determined that some patient information was included in the email account, including names, dates of birth, medical record numbers, and limited clinical information about care received at University of Utah Health.

Additionally, on February 3, 2020, we became aware that a common type of malware may have been placed on an employee’s workstation. We quickly secured that workstation, began an investigation into this incident, and engaged a cybersecurity firm to assist. The investigation determined that the malware may have allowed access to some patient information from the employee’s email account, including patient names, dates of birth, medical record numbers, and limited clinical information related to the care U of U Health provided to patients.

Notification Letters

Our investigations into these incidents is ongoing. However, we have no indication any information has been misused. In an abundance of caution, we began mailing notification letters to patients on March 20, 2020 and have established a dedicated call center to answer questions our patients may have. We recommend patients review the statements they receive from their healthcare providers. If there are discrepancies or services that you did not receive, please contact the provider immediately.

We deeply regret any concern or inconvenience this may cause our patients. We are actively reviewing information protocols, reinforcing information security procedures with our employees and implementing changes where needed to help prevent an incident like this from happening again.

Questions or Concerns

If you have questions about this incident or believe you may have been impacted and do not receive a letter by April 30, please call 1-800-737-4251, Monday through Friday, 7:00 am to 4:30 pm Mountain Time.

Related posts:

  • Victims of W-2 phishing scams (2017 list)
Category: Health DataPhishingU.S.

Post navigation

← TQL faces lawsuit over data breach
(UPDATED) Healthcare Workers Targeted By Dangerous New Windows Ransomware Campaign Using Coronavirus As Bait →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.