Cyber Incident Victim: University of Utah Health
Date: Jan 2020
Location: United States of America
Summary
The University of Utah Health experienced a security breach stemming from phishing attacks that compromised employee email accounts and infected a workstation with malware, enabling unauthorized access to patient information. Exposed data included names, dates of birth, medical record numbers, and limited clinical details related to care received. The organization secured affected accounts and devices, initiated investigations with external cybersecurity support, and notified impacted individuals while establishing a dedicated support call center. No misuse of the exposed information was confirmed at the time, though the institution committed to reinforcing security protocols and employee training to prevent recurrence.
Description
The University of Utah Health discovered unauthorized access to employee email accounts that occurred between January 7 and February 21, 2020, following phishing emails targeting staff. The compromised accounts were identified between January 22 and February 27, 2020, and each was secured as soon as it was identified. An investigation conducted with the assistance of an external cybersecurity firm found that the attackers could have accessed patient information in those mailboxes, including names, dates of birth, medical record numbers, and limited clinical details related to care received at the facility. Separately, on February 3, 2020, hospital staff detected a malware infection on an employee workstation, which was promptly secured. Analysis indicated that the malware may have given the attacker access to that employee's email account, exposing the same categories of patient data.

The healthcare provider initiated containment by securing the affected accounts and workstation while continuing its investigation, which remained ongoing at the time of disclosure. No evidence suggested that the exposed information had been misused. Notification letters were sent to impacted patients, and a dedicated call center was set up for inquiries. The hospital advised patients to review statements from their healthcare providers and insurers and to report any services they did not recognize. Institutional responses included a review of information-handling protocols, reinforcement of employee security procedures, and implementation of preventive changes. The organization expressed regret for any concern caused to patients but did not quantify the number of affected individuals or describe any operational disruption beyond the data exposure itself.
