SALT LAKE CITY, Utah, March 22, 2020 (Gephardt Daily) — University of Utah Health announced that it began notifying patients Friday of recent data security incidents that involved some U of U Health employees’ email accounts.
“From Jan. 22 to Feb. 27, U of U Health became aware that there was unauthorized access to some of its employees’ email accounts,” a press release said. “The unauthorized access occurred between Jan. 7 and Feb. 21. The unauthorized access occurred as a result of phishing schemes sent to the employees’ email accounts. Phishing is when an outside party replicates an email from a trusted source and sends it out in the hopes of tricking a person and potentially gaining unauthorized access to confidential information.”
When U of U Health learned of this, it quickly secured the email accounts, began an investigation, and engaged a cyber security firm to assist in the investigation, the press release said. The investigation determined that some patient information was contained in the email accounts, and may have included names, dates of birth, medical record numbers, and limited clinical information related to care U of U Health provided to patients.
“Additionally, on Feb. 3, U of U Health became aware that a common type of malware may have been placed on an employee’s workstation,” the press release added. “U of U Health quickly secured that workstation, began an investigation into this incident, and engaged a cyber security firm to assist. The investigation determined that the malware may have allowed access to some patient information from the employee’s email account, including patient names, dates of birth, medical record numbers, and limited clinical information related to care U of U Health provided to patients.”
The investigation is ongoing but, at this time, U of U Health has no indication that patient information was misused, the press release said.
“U of U Health began mailing letters to patients whose information were contained in the email accounts, and advised those patients to examine the statements for health care services for any discrepancies or services that they did not receive,” the press release said. “Those patients were encouraged to report any issues to their medical provider. All patients whose information is included in these incidents will be sent letters over the coming weeks as the investigations conclude.”
U of U Health is actively reviewing information protocols, reinforcing information security procedures with employees, and implementing changes where needed to help prevent incidents like these from happening again. Should patients have any questions regarding these incidents, they may call 1-800-737-4152, Monday through Friday 7 a.m. to 4:30 p.m.
