Utah Valley Eye Center Hacking Incident Leads to Phishing Attack on Patients

By | November 1, 2019

Utah Valley Eye Center in Provo, UT is warning patients that some of their personal information may have been accessed by an unauthorized individual following a security breach of its scheduling reminder portal on June 28, 2018.

The hacker obtained the email addresses of 5,764 patients and sent each a phishing email in an attempt to gain access to PayPal credentials. The emails spoofed PayPal and advised the recipients that they had received a payment.

Upon discovery of the security breach, Utah Valley Eye Center contacted all individuals who had been emailed to warn them about the security breach. No evidence has been uncovered to suggest any other information was accessed or misused, although the hacker would have had access to patient names, addresses, phone numbers, and dates of birth. No personal health or financial information is believed to have been accessed.

Only 5,764 phishing emails were sent, but Utah Valley Eye Center could not determine exactly how many patients had been affected by the breach. According to a recent press release, the demographic information of up to 20,000 patients may have been compromised, according to a recent report in the Daily Herald.

The incident has been reported to the Utah Department of Health, the Utah Department of Human Services, and the HHS. Affected individuals have been advised to place a fraud alert on their credit files as a precaution against misuse of their information.

It is currently unclear when the breach was discovered and why it has taken until now for a press release to be issued about the security breach.

The post Utah Valley Eye Center Hacking Incident Leads to Phishing Attack on Patients appeared first on HIPAA Journal.