University of Utah Reports Phishing Attack Involving the PHI of up to 10,000 Patients

HIPAA Journal

The University of Utah has experienced a phishing attack that has potentially involved the protected health information of up to 10,000 patients. This is the 4th data breach to be reported to the Department of Health and Human Services by the University of Utah in 2020. All four incidents are listed as hacking/IT incidents involving email. The previous breach reports were submitted on June 8, 2020 (1,909 individuals), April 3, 2020 (5,000 individuals), and March 21, 2020 (3,670 individuals).

Unauthorized individuals gained access to employee email accounts between January 22, 2020 and May 22, 2020, according to the substitute breach notice on the University of Utah Health website. It is unclear at this stage if the latest breach report also involved access to employee email accounts in the same time frame.

Kathy Wilets, Director of Public Relations at University of Utah Health provided a statement to in which she explained...

Get the Morning Update

Thanks for subscribing!