Breach, Data Security

Central Utah Clinic notifies over 30K patients of potential HIPAA breach


More than 30,000 patients of the Central Utah Clinic in Provo, Utah might have had their personal health information viewed by an unauthorized intruder who broke into one of the clinic's servers.

How many victims? 31,677 patients, according to a Central Utah Clinic release 

What type of personal information? Possibly names, dates of birth, Social Security numbers, addresses and phone numbers

What happened? A server at the Central Utah Clinic was compromised by unauthorized intruders in June. The server held some patient information, but also a subset of written imaging and radiology reports dating back to 2010 and earlier.

What was the response? All victims are being notified by letter, and the affected server was isolated. The clinic also contacted authorities and is offering free personal credit monitoring services to the patients.

Details: No evidence has been found to indicate that personal information was viewed or copied from the server to an unauthorized location. Also, the clinic's other servers remained secure.

Quote: “It is important to understand there is no indication that any of our patients' personal information was viewed or copied,” said Scott Barlow, CEO of Central Utah Clinic, in a press release. “Regardless, we are committed to transparency and working with our patients to mitigate possible effects of this occurrence.”

Source:, “PUBLIC NOTICE: Potential Central Utah Clinic HIPAA Breach,” 2014.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.