
Cyber Incident Victim: University of Utah

Date: Jul 2020

Location: United States of America

Summary

University of Utah Health experienced multiple phishing incidents compromising email accounts containing patient health information, with three separate events reported within the same year. While investigations could not confirm a coordinated campaign, unauthorized access to protected data occurred, impacting an estimated 10,000 individuals across the incidents, though final counts remained subject to review. The organization implemented enhanced security measures including system-wide dual authentication following the breaches and initiated patient notifications via mail, with no evidence of data misuse identified during their assessments.


Description

In July 2020, University of Utah Health reported a phishing incident to the U.S. Department of Health and Human Services affecting approximately 10,000 patients. The breach involved unauthorized access to emails containing protected health information (PHI), marking the third phishing-related security event the organization disclosed to federal regulators that year. While initial public reports suggested potential overlap with a separate June 2020 incident due to similar characteristics, the university clarified that all three events were treated as distinct incidents. Investigators could not conclusively determine whether the attacks stemmed from a single coordinated campaign or multiple independent actors. The compromised data remained confined to email accounts, with no evidence suggesting broader system infiltration beyond these targeted phishing attempts. University officials emphasized that the exposure of patient information was limited in scope across all incidents.

Following discovery of the breach, University of Utah Health initiated patient notification procedures through mailed communications. The organization completed a security enhancement in June 2020 by implementing dual authentication across its email systems, a measure directly responding to vulnerabilities exposed during earlier phishing incidents. Internal reviews refined initial impact estimates, acknowledging that the reported 10,000 affected individuals represented a provisional figure subject to reduction pending final investigation. No instances of data misuse were identified during monitoring activities. The repeated phishing incidents prompted institutional recognition of systemic security challenges, though specific technical details regarding attack vectors, perpetrator identities, and exact data exposure timelines remained undisclosed in public statements. Response efforts focused on containment through authentication safeguards and regulatory compliance via HHS reporting and individual patient notifications.
