Utah Health System Suffers Healthcare Data Breach, 103K Impacted

May 15, 2023 - Uintah Basin Healthcare (UBH) recently notified 103,974 individuals of a healthcare data breach that potentially compromised the protected health information of patients. UBH first discovered suspicious network activity on November 7, 2022 and took immediate steps to secure its systems.

However, it was not until April 7, 2023 that UBH learned that patient data may have been accessed or acquired during the incident. Specifically, the breach impacted patients who received care at UBH between March 2012 and November 2022.

The information involved in the incident may have included names, Social Security numbers, addresses, health insurance information, diagnoses, medication information, test results, and procedure information. UBH said it had no evidence that any of this information had been misused.

“Data privacy and security are among UBH's highest priorities,” the notice stated. “UBH has implemented additional measures to enhance the security of its digital environment in an effort to minimize the likelihood of a similar event from occurring in the future.”

Lake County Health Department and Community Health Center Suffers Breach

Lake County Health Department and Community Health Center (LCHD/CHC) disclosed a breach that impacted 17,000 individuals. Lake County discovered the breach on March 6, 2023, when an unauthorized party accessed a Lake County employee’s email account.

The account contained partially de-identified data pertaining to “Lake County residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23, 2012, and March 6, 2023,” the notice stated.

Lake County worked with Microsoft to investigate the unauthorized activity and immediately secured the account. The information in the account included names, addresses, gender, phone numbers, email addresses, medical record numbers, lab results, dates of birth, zip codes, and other treatment information used by the Communicable Disease outreach program.

“We want to assure those affected that we will continue to actively address cyber-security concerns, as we are dedicated to protecting your privacy and personal information,” the notice continued.

“In this case, we have implemented additional safeguards and cyber security training to prevent similar occurrences in the future.”

NJ Optometrist Office Experiences Breach

New Jersey-based Summit Eye & Optical suffered a data breach that impacted 5,727 individuals. Summit Eye & Optical discovered unauthorized access to its computers systems on March 4, 2023.

The unauthorized party viewed some patient health information, including full names, addresses, medical history, treatment information, and other information.

“We took steps to address this incident promptly after it was discovered, including conducting an internal investigation to understand what had taken place and how,” the notice stated.

“We have also reviewed our internal data management and protocols and have implemented enhanced security measures to help prevent this type of incident from recurring.”

The eye care provider encouraged impacted individuals to take steps to protect themselves from identity theft.