Utah Imaging Associates (UIA), a radiology medical practice, recently announced that it encountered a data security incident that might have led to unauthorized access to almost 600,000 of its former and current patients' sensitive personal information. UIA posted on its website it would notify affected individuals by first-class mail.
The letters will include incident details, what UIA is doing in response and share what resources are available to help patients protect themselves against any potential misuse of their personal information. UIA also encouraged patients to contact the practice during business hours if they needed more information.
"UIA sincerely regrets any concern or inconvenience this matter may cause and remains dedicated to ensuring the privacy and security of all information in UIA's control," the practice said on its website.
UIA security breach details
The practice reported it detected and stopped a network security incident on September 4, 2021. UIA secured and started remediating its network upon discovering the incident. It also brought in a specialized third-party cybersecurity company to investigate the scope and nature of the security breach. The cybersecurity firm determined that the hacker did access some of the practice's sensitive data files during the incident.
UIA alerted any of its impacted patients on November 18, 2021. The practice said it has not yet received any identity theft reports connected to this incident since it was first reported. While UIA hasn't seen any cases of its patient's information being misused, it has offered information for what people can do in the event that it is. The information includes how to protect personal information, obtain a credit report, place a fraud alert on the patient's account, put a security freeze on their credit report and more.
"UIA is committed to doing everything to protect the privacy and security of the personal information in UIA's care," the practice said in its release. "Since the discovery of the incident, UIA has taken and will continue to take steps to prevent a similar incident from occurring in the future. In light of the incident, UIA is offering impacted individuals with complimentary credit monitoring and identity theft restoration services through IDX."
What data was stolen in the UIA data breach?
With almost 600,000 individuals affected, the Utah Imaging Associates data breach is one of the largest ones recorded in 2021, per the U.S. Department of Health and Human Services Office for Civil Rights (OCR), Health, IT Security reports. The Maine Attorney General's office said information stolen in the breach included, "Name or other personal identifier in combination with: Driver's License Number or Non-Driver Identification Card Number."
UIA also noted in its letter to impacted patients that their mailing address, date of birth, social security number, health insurance policy number and medical information may have been compromised during the breach.
Security breaches continue to impact medical community
UIA was not the only medical practice to recently announce a security breach, according to Health IT Security. Eskenazi Health, a public hospital division of the Health & Hospital Corporation (HHC) of Marion County, Indiana, also had to inform its patients on November 11, 2021, that it suffered a cyberattack on August 4. The attack, which impacted more than 1.5 million people, was reported to OCR on October 1.
When Eskenazi Health discovered the malicious activity, it took its network offline to protect its information and began an investigation. The facility found that cyber criminals accessed its network around May 19, 2021, with a malicious internet protocol address. The hackers also disabled security protections, so it was harder for Eskenazi Health to discover the activity until the attack was launched.
"Eskenazi Health values its patients, employees and providers and is committed to privacy," the hospital said in its release. "We quickly engaged an independent forensic team to investigate and contain the incident and to protect against further criminal activity. Eskenazi Health's forensic team conducted an extensive investigation and assisted Eskenazi Health with mitigation steps to ensure the cyber criminals were no longer on its network."
The hospital said it also notified the FBI and added more security measures to strengthen its network security. Eskenazi Health stated there's been no evidence that the cyber criminals locked any files. However, data was stolen from the hospital's network and some of it was put on the "dark web." The data included some patients' and HHC's personal and health information.
"Eskenazi Health is constantly evaluating its security systems and will continue to make improvements as necessary to protect the privacy and security of information on an ongoing basis," the hospital said. "Eskenazi Health has been proactive in its efforts to implement policies, procedures, and safeguards to prevent data compromises from occurring in the future and has worked with its forensic team to identify any areas for improvement."
Impacted patients were encouraged to contact credit bureaus and review any information they might have obtained, as well any suspicious activity. Eskenazi Health also offered to cover identity theft protection costs, including credit monitoring.
Here at the Inventu Corporation, we equip organizations of all sizes with a revolutionary web terminal emulation tool called Inventu Viewer+, a high performance emulation solution that is built with C at its core. Inventu Viewer+ supports SAML 2.0 and other identity technologies to enable securing your critical mainframe applications. This allows deployment of reliable and safe software using clean HTML and JavaScript hosted on secure Windows servers. All in all, the Inventu Viewer+ web terminal emulation meets employer and staff expectations in a way that feels both familiar and simple. Contact us today and see how Inventu can help you integrate your active terminal emulation with the best web identity frameworks available.
