University of Utah Health reported on June 5 that an unauthorized individual accessed some employee email accounts over a 45-day period earlier this year.
Five things to know:
1. The health system reported a phishing attack that allowed unauthorized access to employee email accounts from April 6 to May 22. The health system took action to secure the affected email accounts after identifying the attack.
2. Some employees fell victim to a phishing scheme where they responded to emails that they thought were legitimate requests.
3. The patient information contained in the email accounts included patient names, birth dates, medical record numbers and limited clinical information.
4. University of Utah Health began notifying patients of the attack on June 5, although there has not been indication that the information was misused. The health system is still investigating the incident.
5. In February, the health system also found a common type of malware had been placed on an employees' workstation, which has since been secured. The malware may have allowed unauthorized access to some patient information from the employee's email account including names, birth dates, medical record numbers and clinical care information.
More articles on cybersecurity:
Lawsuit alleges health system maintained PHI 'in a reckless manner' ahead of breach
Ransomware attack affects 13,146 patients' info at Alaska surgical practice: 4 details
Kaiser terminates employee that inappropriately accessed 2,756 patients' records over 8 years
University of Utah Health reports employee emails hacked: 5 details
Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.