A data breach hit a Utah medical service provider, exposing the records of nearly 600,000 patients.
The incident involved Utah Imaging Associates Inc., a radiology medical practice based in Farmington, Utah. In a notice published on November 18, the company said it detected what it described as a “network security incident” on September 4. After taking steps to secure its network, Utah Imaging Associates hired a third-party cybersecurity company to investigate. investigation to determine the nature and extent of the incident.
The survey was not good news for the company’s patients. The stolen data involved personally identifiable information from 582,170 people. The data included first and last name, mailing address, date of birth, social security number, health insurance policy number and medical information. The company did not provide any details on how the data theft took place.
Utah Imaging Associates says there is no evidence of misuse of the stolen data. As a precaution, the company offers free credit monitoring and identity theft restoration services to those affected through IDX.
The most prominent part of the breach notification was the delay of more than two months between the theft of data and the notification of patients by Utah Imaging Associates.
“During this time, patient records were likely used for nefarious activities without the patient even knowing that the records were stolen,” Christian Espinosa, managing director of the IT services management company, told Tech To See. Cerberus Cyber Sentinel Corp. “When data breaches like this occur, it’s crucial to notify as soon as the breach is confirmed. Timely notification allows patients to take proactive measures before their stolen records are misused, such as freezing credit and setting up account watch alerts.
Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., noted that medical data is always valuable to cybercriminals because it contains a lot of sensitive information, including social security numbers, addresses and medical conditions. Kron explained that data theft is not only useful for identity theft, but can also be used to launch scams targeting victims, such as posing as hospital staff.
“By knowing what procedures a person went through and when, along with other information, they could convince victims that a payment is due or some other inconvenience that would be very credible,” he said. “The protection of medical data should be a high priority., And those who store and use this data should regularly review the processes and procedures, as well as technical controls, related to data protection.