U of Utah Health alerts patients of phishing, malware attacks

Salt Lake City-based University of Utah Health began notifying an undisclosed number of patients March 20 of a phishing scheme and subsequent malware attack.

In February, U of U Health discovered unusual activity on employees’ email accounts. After an investigation, the academic medical center determined than an unauthorized third party had gained access to employees’ email accounts between Jan. 7 to Feb. 21.

The hackers sent out a phishing email under the guise of a trusted source. Since the attack, U of U Health has secured the email accounts.

Patient data that may have been exposed in the phishing attack included names, dates of birth, medical record numbers and limited clinical information.

Following the discovery of the phishing incident, on Feb. 3 U of U Health discovered malware may have been downloaded on an employee’s workstation. After an investigation, officials determined that the malware may have allowed access to some patient data, include names, dates of birth, medical record numbers and limited clinical information.

Though the investigations into these incidents is ongoing, U of U Health said there is no evidence that patient information has been misused. The academic medical center is reviewing information protocols, reinforcing information security procedures and implementing necessary changes to reduce the likelihood of a similar incident happening again.

More articles on cybersecurity:
State-by-state breakdown of ransomware attacks on healthcare providers
5 recent data breaches caused by human error
Indiana hospital alerts 2,600 patients of human error data breach

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers