On the website of Utah Pathology Services, a network of anatomic and clinical pathology doctors and clinics based in Salt Lake City, the headline "NOTICE OF DATA INCIDENT" dominates the front page. The company, which was founded over 80 years ago, is clearly taking a recent data security incident seriously. According to the company, information about its 112,000 patients might have been accessed. And Utah Pathology said in its notice that the hack "did not involve any patient information, or the completion of any financial transactions," the data in question did include "the personal information of certain individuals."
About Utah Pathology ServicesFounded in 1939, the company provides medical services across the state of Utah, working with a network of licensed medical doctors and doctors of osteopathic medicine, including pathologists who have specialty training in cytopathology, hematopathology, and gastrointestinal pathology. Services provided include pap smears, biopsies, cytology, dermatopathology and hematopathology, and general clinical pathology and pathology consults.
An unknown third party attempted to redirect funds from Utah Pathology via an email attack. Utah Pathology Services says it learned of the incident on June 30, 2020, and quickly secured the email account that was targeted and launched an investigation with the help of independent IT security and forensic investigators. While details of the attack were not disclosed, the broad outlines of the incident fits the profile of a business email compromise, a tactic that has cost U.S. companies over $10 billion between October 2013 and July 2019, according to the FBI. The Utah Pathology Services incident has not led to any fraudulent financial transactions being conducted yet, but the investigation found that the attackers could still have accessed information about patients.