Utah Valley Eye Center based in Provo, UT sent breach notification letters to patients concerning an unauthorized person that potentially accessed some of their personal information as a result of its scheduling reminder web portal’s security being compromised on June 28, 2018.
The hacker was able to get the email addresses of 5,764 eye center patients and sent a phishing email to each address in a feat to obtain their login credentials to PayPal. The phishing emails mimicked PayPal and informed the email recipients that a payment is made to their Paypal account.
After knowing about the incident, Utah Valley Eye Center alerted all the people who were sent the phishing email. No evidence showed that information was accessed or misused. Nevertheless, the hacker might have viewed the names of patients, birth dates, addresses, and phone numbers. It is likewise believed that no personal health or financial information was accessed by the hacker.
The hacker sent 5,764 phishing emails, but Utah Valley Eye Center cannot ascertain how many patients were impacted by the phishing emails. According to a Daily Herald press release, the demographic information of approximately 20,000 patients could have been compromised.
Utah Valley Eye Center had submitted the security breach report to the HHS, the Utah Department of Human Services, the Utah Department of Health and notified the people impacted by the breach to monitor their credit details as a safety precaution against the misuse of their data.
It is not certain when Utah Valley Eye Center found out about the breach. There is also no reason given why the center took a while to issue a press release about the data breach.