A number of reports have named healthcare facilities and services as a prime target for cyber attacks, no surprise given the amount of personal data contained in their patient records. What the below report shows, however, is it took the identification of a different problem to reveal the the scope of data that was being made available, including in some cases social security numbers.
As one might expect, Utah Pathology has updated its security measures but it has also offered one year of free identity monitoring services to individuals affected by the incident.
The company wrote it discovered on June 30 that an unknown third party hacked into one of its email accounts in an attempt to redirect funds from the business. After discovering the attempted fraud, Utah Pathology secured the email account and launched an investigation.
Approximately 112,000 patients had their personal information exposed by a data breach at Utah Pathology Services.
The breach was discovered when the organization discovered “an unknown party attempted to redirect funds from within Utah Pathology,” according to a press release from the company. The attempted fraud led to the discovered of that patient information was accessible and included one or more of the following:
- Date of birth
- Phone number
- Mailing address
- Email address
- Insurance information including ID and group numbers and clinical and diagnostic information related to pathology services
- And, for a smaller percentage of patients, Social Security number