Thousands of patients who visited Salt Lake City-based Utah Pathology Services may have had personal and protected health information exposed after a hacker tried to steal funds from the medical practice.
The data breach, which resulted from an unauthorized user hacking into one of Utah Pathology's email accounts, exposed data on an estimated 112,000 patients, a Utah Pathology spokesperson told Modern Healthcare via email.
Utah Pathology in late June discovered an unauthorized user had attempted to redirect funds from the practice using a compromised email account, according to a notice posted online.
The hacker was not able to complete a financial transaction.
However, Utah Pathology's investigation into the incident determined that some patient data was contained in the compromised email account, which the hacker may have accessed. That information included some names, dates of birth, gender, phone numbers, mailing addresses, email addresses, insurance information and medical information, such as medical record numbers and diagnostic information.
A "small percentage of patients" had Social Security numbers contained in the email account, according to the notice.
In a statement, Dennem Wolfley, Utah Pathology's chief operating officer and practice manager, said the practice is implementing additional security safeguards for its information systems.
"We take the security of all information in our control very seriously," Wolfley said in the statement.
Utah Pathology said it has not found evidence to suggest patient information compromised in the data breach has been misused; however, the group's investigation is ongoing.
The investigation is being conducted with the help of an independent information-technology security and forensics firm, according to its notice. Utah Pathology said it has reported the incident to law enforcement.