News / 

Jeffrey D. Allred, KSL, File Photo

University of Utah Health says some patients' data compromised in ‘phishing’ security breach

By Lauren Bennett, KSL.com | Posted - Mar. 21, 2020 at 9:01 a.m.



SALT LAKE CITY — Some University of Utah Health patients’ personal medical data, including medical record numbers, dates of birth and limited clinical information, was hacked after employee emails were compromised, the hospital said on Friday night.

Officials said as of Friday, there was no indication patient information had been misused.

Any patients impacted by the security breach will receive a letter from U of U Health, asking them to look at statements for services they did not get.

Unauthorized access to employee emails took place between Jan. 7 and Feb. 21, University of Utah Health officials said.

Officials opened an investigation after learning of the breach and secured email accounts.

Some patient information were in the email accounts, including names, dates of birth, medical record numbers and limited clinical information related to care that patients received at U of U Health.

On Feb. 3, officials found that a common malware may have been put on an employee’s workstation, which was then secured by U of U Health, and an investigation was opened into this incident.

This incident also may have allowed outside access to patients’ data.

“U of U Health is actively reviewing information protocols, reinforcing information security procedures with employees, and implementing changes where needed to help prevent incidents like these from happening again,” a statement from the university read.

Any patients with questions regarding the security breach can call 1-800-737-4152 weekdays 7 a.m.-4 p.m.

Lauren Bennett

KSL Weather Forecast