Utah Imaging Associates (UIA), a radiology clinic in Utah, has revealed a data breach that has affected 582,170 people once their private details were compromised.
The security problem was detected on September 4, 2021, and was resolved on the same day, as per the security breach notification emailed to impacted users.
However, the initial network penetration occurred on August 29, 2021, giving the threat actors almost a week to examine UIA’s internal systems as well as potentially steal information.
After a forensic investigation with the assistance of a professional third-party cybersecurity organization, it was discovered that the unauthorized network intruder gained access to the various patient private details:
- Name (first and last)
- Postal address
- The birthdate
- Social Security Number
- Policy number for health insurance
- Medical knowledge
Because the kind of information differs by individual, not all factors apply to every receiver of a data leak notification.
UIA also states that 2 months after the event, they have had no complaints of this data being exposed online.
This does not, however, ensure that the stolen information is not secretly shared among cyber criminals on the dark web, as is customary with data theft.
People who have previously utilized UIA’s services could take advantage of the free 12-month credit monitoring service provided by IDX and be watchful against social engineering assaults.
If you discover any indicators of fraud, such as odd bank account charges or questionable emails, or phone calls, you should immediately report by dialing (833) 525-2720.
Medical Centres Are Easy Targets
Hackers frequently target medical facilities such as UIA because they handle sensitive data that is lucrative in the criminal underground.
Some prominent recent instances involving healthcare include:
- Last week’s compromise at Weill Cornell Medicine in New York
- Last week, a security issue delayed operations at Southern Ohio Medical Center.
- Last month, a severe cyber attack was launched on the Johnson Memorial Health Network.
- A large-scale attack on the medical system of the Canadian province of Newfoundland as well as Labrador.
- Two weeks ago, the Urology Center of Colorado had a data breach that affected about 137,000 patients.
Because healthcare appointments need patients providing a great deal of personal data, the obligation of safeguarding their sensitive information may be challenging for healthcare practitioners.
This is particularly true for smaller clinics with a limited income and no dedicated IT personnel.
All organizations, especially medical practices, should protect their data by not revealing internal operations such as remote desktops to the Internet, adhering to appropriate backup schedules, and completing phishing training for their personnel.