The University of Utah Health is notifying patients whose protected health information was in some employees’ email accounts after they fell for a phishing attack. The following is a observation posted on their website march 20th: We are committed to protecting the confidentiality of our patients information. Regrettably, this observation is regarding an incident involving some patients information. This observation explains the incident, measures we hold taken, and some steps you can take in response. From January 22 to february 27, 2020, we became aware that there was unauthorized access to some employees email accounts. This unauthorized access occurred between January 7 and February 21, 2020. The unauthorized access occurred as a result of phishing schemes sent to the employees email accounts. Phishing is when someone replicates an email from a trusted seed and sends it out in hopes of tricking a someone and gaining unauthorized access to the email account. We quickly secured the email account, began an investigation, and engaged a cybersecurity firm to assist. Our investigation determined that some patient information was included in the email account, including names, dates of birth, medical record numbers, and limited clinical information about guardianship received at University of ut Health. Additionally, on February 3, 2020, we became aware that a common type of malware may have been placed on an employee’s workstation. We quickly secured that workstation, began an investigation into this incident, and engaged a cybersecurity firm to assist. The investigation determined that the malware may get allowed access to some patient information from the employee’s email account, including patient names, dates of birth, medical register numbers, and limited clinical information related to the care U of U Health provided to patients. Notification Letters Our investigations into these incidents is ongoing. However, we have no indication any info has been misused. In an abundance of caution, we began mailing notification letters to patients on march 20, 2020 and have established a dedicated telephone midpoint to answer questions our patients may have. We recommend patients brushup the statements they receive from their healthcare providers. If there are discrepancies or services that you did not receive, please touch the provider immediately. We deeply regret any headache or inconvenience this may reason our patients. We are actively reviewing info protocols, reinforcing info certificate procedures with our employees and implementing changes where needed to aid prevent an incident like this from happening again. Questions or Concerns If you have questions about this incident or believe you may hold been impacted and fare not receive a letter by April 30, please call 1-800-737-4251, Monday through Friday, 7:00 am to 4:30 pm Mountain Time.