Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The University of Utah Health discloses security breach

The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts. The University of Utah Health disclosed a security breach, the research hospital has discovered unauthorized access to some employee email accounts along with the presence of malware on its systems. […]

Xsolis

The University of Utah Health disclosed a security breach, it has discovered malware on its systems and revealed unauthorized access to some employee email accounts.

The University of Utah Health disclosed a security breach, the research hospital has discovered unauthorized access to some employee email accounts along with the presence of malware on its systems.

Attackers breached the organization with a phishing attack, the intrusion took place between January 7 and February 21, 2020.

“From January 22 to February 27, 2020, we became aware that there was unauthorized access to some employees’ email accounts. This unauthorized access occurred between January 7 and February 21, 2020. The unauthorized access occurred as a result of phishing schemes sent to the employees’ email accounts.” reads the alert issued by the hospital.

“We quickly secured the email account, began an investigation, and engaged a cybersecurity firm to assist.”

The University of Utah Health announced that it has immediately secured the compromised accounts and launched an investigation.

The investigation determined that some patient information was exposed, including names, dates of birth, medical record numbers, and limited clinical information about care received at the hospital.

The investigation additionally revealed that the staff at the hospital discovered on February 3, 2020, that an employee’s workstation had been infected with a common type of malware.

“Additionally, on February 3, 2020, we became aware that a common type of malware may have been placed on an employee’s workstation. We quickly secured that workstation, began an investigation into this incident, and engaged a cybersecurity firm to assist.” continues the alert. “The investigation determined that the malware may have allowed access to some patient information from the employee’s email account, including patient names, dates of birth, medical record numbers, and limited clinical information related to the care U of U Health provided to patients.”

The investigation into the incident is still ongoing, the good news is that the hospital is not aware of any abuse of the exposed information.

The University of Utah Health is notifying the impacted patients via letter, it also established a dedicated call center to provide them support and answer their questions. Patients are recommended to review statements received from their healthcare providers and immediately report discrepancies or services that they did not receive.

“We deeply regret any concern or inconvenience this may cause our patients. We are actively reviewing information protocols, reinforcing information security procedures with our employees and implementing changes where needed to help prevent an incident like this from happening again,” the hospital concludes.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, University of Utah Health)

[adrotate banner=”5″]

[adrotate banner=”13″]