A data breach has hit a Utah medical services provider, exposing the records of nearly 600,000 patients.

The incident happened at Utah Imaging Associates, a radiology medical practice based in Farmington, Utah.After taking action to secure their network, Utah Imaging Associates engaged a third-party cybersecurity firm to conduct an investigation to determine the nature and scope of the incident.

Advertisements

The investigation was not good news for the company’s patients. Data stolen involved personally identifiable information of 582,170 people. The data consisted of first and last name, mailing address, date of birth, Social Security number, health insurance policy number and medical information. The company did not provide any details on how the data theft took place.

Utah Imaging Associates claims that there is no evidence of the misuse of the stolen data. As a precaution, the company is offering those impacted free credit monitoring and identity theft restoration services through IDX.

The standout part of the breach notification was the more than two-month delay between the theft of data taking place and Utah Imaging Associates informing patients.

Patient records were likely used for nefarious activities without the patient even knowing records were stolen,When data breaches like this happen, it is crucial to notify as soon as the breach is confirmed. Timely notification allows patients to take proactive measures before their stolen records are abused, such as freezing credit and setting up account monitoring alerts.

Advertisements

Protection of medical data should be a high priority, and those who store and use this data should regularly review processes and procedures, along with technical controls, that relate to the data protection