Cyber Incident Victim: Uintah Basin Healthcare

Date: Nov 2022

Location: United States of America

Summary

A rural Utah healthcare provider experienced a hacking incident involving unauthorized network access, potentially compromising protected health information of over 100,000 patients who received care during a 10-year period. The breach exposed clinical data including diagnoses, medications, and test results, though no evidence of actual misuse emerged. In response to detecting unusual activity, the organization took systems offline, implemented a global password reset, and deployed enhanced endpoint detection tools. The incident disrupted network connectivity and phone services temporarily while affecting patients across its regional healthcare facilities.

Description

Uintah Basin Healthcare, a rural Utah provider, detected unusual network activity in November 2022, prompting an investigation that revealed unauthorized access to patient data. The healthcare organization took immediate action by isolating affected systems, including taking network infrastructure offline, which temporarily disrupted phone services and connectivity. Forensic analysis determined the breach exposed protected health information of 103,974 individuals who received care between March 2012 and November 2022. Compromised data included clinical details such as diagnoses, prescribed medications, and laboratory test results. While the attack vector wasn't specified, the incident's duration suggested prolonged system vulnerability. Notification letters began distribution in May 2023, nearly six months after detection, informing patients about potential data exposure. The healthcare provider emphasized no evidence of actual misuse of stolen information had been identified.

The healthcare system implemented multiple containment measures following the breach detection, including a mandatory organization-wide password reset to prevent further unauthorized access. Security enhancements featured deployment of an endpoint detection and response (EDR) tool across network systems for improved threat monitoring. Operational disruptions occurred when critical systems were taken offline during containment efforts, affecting routine administrative and clinical workflows. Uintah Basin Healthcare, operating a 42-bed hospital in Roosevelt, Utah, serves a region with fewer than 10,000 residents, magnifying the breach's local impact given the decade-long exposure period. No ransomware involvement or financial motive was disclosed in available reports. The organization maintained continuity of emergency services throughout the incident despite network accessibility challenges. Patient notification procedures complied with regulatory requirements for breaches affecting protected health information.
