SALT LAKE CITY, Utah, Aug. 30, 2020 (Gephardt Daily) — Utah Pathology Services is reporting a data breach after an unknown third party attempted to redirect funds from the company.
“We are providing notice of a data security incident involving Utah Pathology Services, Inc. that may have resulted in the unauthorized access to certain individuals’ personal information,” said a news release. “We take the privacy and protection of our patients’ information very seriously. We sincerely apologize and regret any inconvenience this incident may cause.”
The news release said that on June 30, it was learned than an unknown third party attempted to redirect funds from the company. The suspicious activity did not involve any patient information, or the completion of any financial transactions.
“Upon discovery of the attempted fraud, Utah Pathology quickly secured the impacted email account and launched an investigation,” the news release said. “The investigation was performed with the help of independent IT security and forensic investigators to determine the scope and extent of the potential unauthorized access to Utah Pathology systems and any sensitive information.”
The information accessed by the unauthorized party included names and one or more of the following personal attributes: date of birth, gender, phone number, mailing address, email address, insurance information including ID and group numbers, medical and health information including internal record numbers and clinical and diagnostic information related to pathology services, and, for a small percentage of patients, Social Security number.
“At this time, we do not have evidence that any patient information has been misused,” the news release said. “Nevertheless, we are notifying all potentially affected patients out of an abundance of caution. We have begun mailing letters to patients whose information was contained in the email account.”
The company said it is taking steps to prevent a similar event from occurring in the future by implementing additional safeguards and security measures that will enhance the privacy and security of information in its systems. The incident has also been reported to law enforcement.
“Although we are unaware of any misuse of our or anyone’s information, to help relieve concerns and restore confidence following this incident, we have secured the services of Cyberscout to provide identity monitoring, at no cost, to affected individuals for 12 months,” the news release said.
Anyone with questions is invited to call 855-917-3569 Monday through Friday, 7 a.m. to 7 p.m.