HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Data of 31K Patients Exposed by Potential HIPAA Breach at Utah Clinic

The Central Utah Clinic is the latest healthcare facility to announce it has suffered a potential HIPAA breach after an unknown group or individual was identified as having had unauthorized access of a server. The server was accessed in June although it cannot be determined if the intruders viewed any protected health information. No evidence has so far been found to suggest that material was copied from the server or was indeed viewed. The clinic confirmed that only one server was affected and hardware used by the clinic remained secure and was unaffected by the security incident.

The data breach potentially affects 31,677 patients of the Central Utah Clinic according to a press release issued by the hospital. The victims are being contacted by mail to advise them of the potential data breach and that the problem has been resolved and data now secured. In accordance with HIPAA regulations the appropriate authorities were advised of the intrusion and alerted to the potential compromising of some protected health information.

Data stored on the server included names and addresses of patients, Social Security numbers, date of birth and contact telephone numbers. The server did not contain highly detailed medical information, although the data included more than 4 years of records from radiology, including images and written reports.

The Central Utah Clinic has reassured patients that there was no indication that any confidential or identifying data was viewed during the intrusions or copied to an unauthorized location and it has offered to work closely with patients to “mitigate possible effects of this occurrence”.

Please see the HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.