Facebook Twitter

University of Utah Health patient info was breached through ‘phishing schemes’

SHARE University of Utah Health patient info was breached through ‘phishing schemes’

University of Utah Hospital in Salt Lake City on Friday, Nov. 1, 2019.

Scott G Winterton, Deseret News

SALT LAKE CITY — The University of Utah Health fell victim to a phishing scheme in which an outside party accessed patient information such as birthdates and clinical information through employee emails, the organization announced Friday.

However, hospital officials say there is no evidence hackers have misused patient information as of Friday afternoon.

University of Utah Health officials said in a press release Friday they are in the process of notifying patients of the data breaches.

The press release says the unauthorized access to employee email accounts occurred between April 6 and May 22 after some employees responded unknowingly to phishing schemes sent to their email accounts.

University of Utah Health took “prompt action to secure each affected account shortly after identifying the unauthorized access,” the press release says.

An investigation determined patient information was contained in the emails, including names, birthdates, medical record numbers and limited clinical information.

A similar incident occurred earlier this year and University of Utah Health said it’s been working to implement “enterprisewide security enhancements” and multifactor authentication in response.

The press release says officials are sending letters to patients whose information may have been accessed through the compromised email accounts, advising them to examine their health care statements for potential discrepancies.

“U of U Health is actively reviewing information protocols, reinforcing information security procedures with employees, and implementing changes where needed to help prevent incidents like these from happening again,” the release concludes.