According to the U.S. Department of Health and Human Services, protected health information (PHI) of patients’ was affected by a data breach at the University of Utah Health.
This is the third phishing attack on University of Utah this year. Previous attacks were reported in March and April.
The latest attack occurred between April 6 and May 22. An employee, believing it to be legitimate, responded to the phishing email which allowed hacker to gain unauthorised access.
An investigation was launched by the university and the email accounts were secured.
The university said that it cannot offer further details on the nature or scope of its ramifications as it’s an active investigation.
The patient information that may have been exposed includes names, medical record numbers, date of birth and limited clinical information.
“University is reviewing its security protocols to safe guard and protect the data from future phishing attacks and working to implement enterprise-wide security enhancements, including expanded use of multi-factor authentication,” according to a press release.