Provo-based Utah Valley Eye Center confirmed that the demographic information of more than 20,000 patients may have been exposed in a cybersecurity incident last year, according to the Daily Herald.
In June 2018, Utah Valley Eye Center's business portal was hacked. The unauthorized third party sent an email to 5,764 patients posing as a notification from PayPal. In the email, hackers told patients they had received a payment.
Upon discovering the malicious email and that its system had been hacked, Utah Valley Eye Center promptly sent emails to the 5,764 patients. Utah Valley Eye Center said it only believes emails were accessed. However, patient names, addresses, dates of birth and phone numbers could have also been exposed.
No protected health information or financial information was exposed, Utah Valley Health Center confirmed, according to the Daily Herald. Since the incident, the clinic has updated its internal policies and procedures.
"At Utah Valley Eye Center, we are committed to providing [patients] with top-notch healthcare services, including the protection of your health information," the center said in a statement, the Daily Herald reports.