cyber Breach

University of Utah Health

May 11, 2023 1 min read
University of Utah Health

The University of Utah Health fell for a phishing attack.

From January 22 to February 27, 2020, there was an unauthorized access to some employees’ email accounts.

The unauthorized access occurred as a result of phishing schemes sent to the employees’ email accounts.

Some patient information was included in the email account, including names, dates of birth, medical record numbers, and limited clinical information about care received at the University of Utah Health.

Source: https://www.databreaches.net/university-of-utah-health-notifies-patients-of-phishing-attacks-that-began-in-january/

TPRM report: https://scoringcyber.rankiteo.com/company/university-of-utah-hospital

"id": "uni210221222",
"linkid": "university-of-utah-hospital",
"type": "Data Leak",
"date": "01/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Utah, USA',
                        'name': 'University of Utah Health',
                        'type': 'Healthcare Institution'}],
 'attack_vector': 'Email',
 'data_breach': {'personally_identifiable_information': 'Names, dates of '
                                                        'birth, medical record '
                                                        'numbers',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Patient information'},
 'date_detected': '2020-01-22',
 'date_resolved': '2020-02-27',
 'description': 'The University of Utah Health fell for a phishing attack '
                'resulting in unauthorized access to some employees’ email '
                'accounts from January 22 to February 27, 2020. The '
                'unauthorized access occurred as a result of phishing schemes '
                'sent to the employees’ email accounts. Some patient '
                'information was included in the email account, including '
                'names, dates of birth, medical record numbers, and limited '
                'clinical information about care received at the University of '
                'Utah Health.',
 'impact': {'data_compromised': 'Patient information including names, dates of '
                                'birth, medical record numbers, and limited '
                                'clinical information',
            'systems_affected': 'Employee email accounts'},
 'initial_access_broker': {'entry_point': 'Email'},
 'post_incident_analysis': {'root_causes': 'Phishing schemes'},
 'title': 'Phishing Attack at University of Utah Health',
 'type': 'Phishing',
 'vulnerability_exploited': 'Human'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.