Utah medical center hit by data breach affecting 582,000 patients


Utah Imaging Associates (UIA), a Utah-based radiology center, announced a data breach affecting 582,170 people after their personal information was disclosed.

According to the data breach notification sent to those affected, the security incident was discovered on September 4, 2021 and was corrected on the same day.

However, the initial network infiltration took place on August 29, 2021, allowing threat actors to explore internal UIA systems and potentially steal data for around a week.

The ensuing forensic investigation, conducted with the help of a third-party cybersecurity firm, found that the unauthorized network intruder had access to the following personal information of patients:

  • Last name and first name
  • Address
  • Date of Birth
  • Social Security number
  • Health insurance policy number
  • Medical information (medical treatment, diagnosis and prescription information)

The type of information varies among individuals, so not all of the above is relevant to every recipient of the data breach notice.

The UIA too points out that they have not received any reports of any online leaks of this data two months after the incident.

However, this does not ensure that stolen data is not shared privately between hackers on the dark web, as is typically the case with data breaches.

People who have used UIA services in the past should take advantage of the 12 months of credit monitoring services offered through IDX and remain vigilant against social engineering attacks.

If you have noticed any signs of fraud, unusual bank charges, or suspicious emails and calls, you are advised to report it immediately by calling (833) 525-2720.

TechToSee has contacted the UIA to learn more about the nature of the data breach, and we’ll update this post as soon as we have more details.

Medical centers are easy choices

Hackers tend to target medical centers like the UIA because they deal with sensitive data considered valuable in underground cybercrime.

Here are some notable recent incidents targeting healthcare:

  • A breach at Weill Cornell Medicine in New York City that took place last week
  • A security incident that disrupted operations in the South Ohio Medical Center Last week
  • A damaging cyberattack on the Johnson Memorial Health network last month
  • A large-scale attack on the health care system of the Canadian province of Newfoundland and Labrador
  • A data breach affecting approximately 137,000 patients in the Colorado Urology Center, two weeks ago

Since healthcare visits require patients to provide a lot of personal information, the responsibility for securing their sensitive data can be difficult for healthcare providers.

This is especially true for small practices that can operate on a limited budget without dedicated IT staff.

All businesses, including medical offices, should protect their data by not exposing internal services to the Internet, such as the remote desktop, following good backup schedules, and providing phishing training for their employees. .


Please enter your comment!
Please enter your name here

Trending this Week