[BreachExchange] Utah Pathology Services reports data breach

Destry Winant destry at riskbasedsecurity.com
Mon Aug 31 10:22:45 EDT 2020


https://gephardtdaily.com/local/utah-pathology-services-reports-data-breach/

SALT LAKE CITY, Utah, Aug. 30, 2020 (Gephardt Daily) — Utah Pathology
Services is reporting a data breach after an unknown third party
attempted to redirect funds from the company.

“We are providing notice of a data security incident involving Utah
Pathology Services, Inc. that may have resulted in the unauthorized
access to certain individuals’ personal information,” said a news
release. “We take the privacy and protection of our patients’
information very seriously. We sincerely apologize and regret any
inconvenience this incident may cause.”

The news release said that on June 30, it was learned that an unknown
third party attempted to redirect funds from the company. The
suspicious activity did not involve any patient information, or the
completion of any financial transactions.

“Upon discovery of the attempted fraud, Utah Pathology quickly secured
the impacted email account and launched an investigation,” the news
release said. “The investigation was performed with the help of
independent IT security and forensic investigators to determine the
scope and extent of the potential unauthorized access to Utah
Pathology systems and any sensitive information.”

The information accessed by the unauthorized party included names and
one or more of the following personal attributes: date of birth,
gender, phone number, mailing address, email address, insurance
information including ID and group numbers, medical and health
information including internal record numbers and clinical and
diagnostic information related to pathology services, and, for a small
percentage of patients, Social Security number.

“At this time, we do not have evidence that any patient information
has been misused,” the news release said. “Nevertheless, we are
notifying all potentially affected patients out of an abundance of
caution. We have begun mailing letters to patients whose information
was contained in the email account.”

The company said it is taking steps to prevent a similar event from
occurring in the future by implementing additional safeguards and
security measures that will enhance the privacy and security of
information in its systems. The incident has also been reported to law
enforcement.

“Although we are unaware of any misuse of our or anyone’s information,
to help relieve concerns and restore confidence following this
incident, we have secured the services of Cyberscout to provide
identity monitoring, at no cost, to affected individuals for 12
months,” the news release said.

