Utah Pathology Services reported a data breach affecting the facility by publishing a statement on its website. Based on its statement, the breach affected approximately 112,000 patients whose personal information may have been compromised.
In an August 29, 2020 report released by KUTV, the breach occurred after an unknown actor attempted to redirect funds from Utah Pathology Services after gaining access into an employee email account.
According to the Utah Pathology Services website, the company discovered the breach last June 30, 2020. The facility has since secured the said employee email account, notes Becker’s Health IT.
Despite the attempts of transferring funds, the hacker in charge was reportedly unsuccessful. The said transactions did not push through and there was no patient information leveraged or utilized for the suspicious activity.
Among the information made vulnerable to the public include the patients’ date of birth, gender, email address, phone number, mailing address, and insurance information, such as ID and group numbers as well as clinical and diagnostic data about pathology services.
Besides the aforementioned data, KUTV states that the Social Security numbers of some patients were also compromised.
Despite this, Utah Pathology Services maintains that “There is no evidence that any patient information has been misused, but out of an abundance of caution, the company has notified all potentially affected patients. Letters have been mailed to those patients whose information was contained in the email account.”
In its press release, the medical facility also said that an investigation surrounding the incident is still underway. The investigation is made in partnership with both independent IT security and forensic investigators “to determine the scope and extent of the potential unauthorized access to Utah Pathology systems and any sensitive information.”
In addition to conducting an internal investigation, the facility has also reported the occurrence to law enforcement agencies. The company also assured the public that it has enhanced its security measures by implementing additional safeguards not only for patient security and privacy but also to prevent future data breach incidents from happening.
Following the incident, the company is offering free identity monitoring services to patients or individuals who are affected by the breach.
As of writing, the medical facility asserts that they do not have evidence of patient data being misused or abused as a result of the data breach. However, Utah Pathology Services is already in the process of notifying affected patients by sending out mailing letters.