Utah Imaging Associates (UIA), a radiology clinic in Utah, has disclosed a data breach in which the private details of 582,170 people were compromised.
According to the breach notification emailed to affected individuals, the security incident was detected on September 4, 2021, and was contained the same day.
However, the initial network penetration occurred on August 29, 2021, giving the threat actors almost a week to examine UIA’s internal systems as well as potentially steal information.
A forensic investigation conducted with the assistance of a third-party cybersecurity firm determined that the unauthorized intruder gained access to the following categories of patient data:
Because the exposed information varies by individual, not every category applies to each recipient of a breach notification.
UIA also states that, two months after the incident, it has received no reports of this data being exposed online.
This does not, however, ensure that the stolen information is not secretly shared among cyber criminals on the dark web, as is customary with data theft.
People who have previously used UIA’s services can take advantage of the free 12-month credit monitoring service provided by IDX and should remain watchful for social engineering attempts.
If you discover any indicators of fraud, such as odd bank account charges or questionable emails, or phone calls, you should immediately report by dialing (833) 525-2720.
Hackers frequently target medical facilities such as UIA because they handle sensitive data that is lucrative in the criminal underground.
Some prominent recent instances involving healthcare include:
Because healthcare appointments require patients to provide a great deal of personal data, safeguarding that sensitive information can be a challenging obligation for healthcare providers.
This is particularly true for smaller clinics with limited budgets and no dedicated IT personnel.
All organizations, and medical practices in particular, should protect their data by not exposing internal services such as remote desktops to the Internet, keeping to a proper backup schedule, and running phishing-awareness training for their staff.