Utah Imaging Associates Files Data Breach Notice With Office Of The Maine Attorney General – Data Security Incident May Have Resulted In Unauthorized Access To Sensitive Personal Information
According to the “Notice of data breach” letter located on the website of the Office of the Maine Attorney General:
On September 4, 2021, UIA [Utah Imaging Associates, Inc.] detected and stopped a network security incident. Upon discovery of this incident, UIA promptly secured and began remediating our network. UIA also engaged a specialized third-party cybersecurity firm to conduct a comprehensive investigation to determine the nature and scope of the incident. The forensic investigation has found evidence that some UIA files containing sensitive data were available to the unauthorized actor during the incident. This letter serves to notify you that it is possible the following information related to you, if provided to UIA, may have been exposed to the unauthorized party: first and last name; mailing address; date of birth; Social Security number; health insurance policy number; medical information, including, but not limited to, medical treatment, diagnosis, and prescription information. We maintained this information for patient care and administrative purposes. Notably, the types of information affected varied by individual, and not every individual had every element exposed. [Emphasis added.]
Please click UIA Notice Of Data Breach to read the full text of the data breach notification letter.
On November 22, 2021, Govinfosecurity.com reported that “[a] recent hack of a Utah medical radiology group’s network server has compromised sensitive health information of more than a half-million patients, ranking the incident among the 20 largest health data breaches posted on the federal tally so far this year.”
Govinfosecurity.com also reported that “[t]he Department of Health and Human Services’ HIPAA Breach Reporting Tool website, which lists health data breaches affecting 500 or more individuals, shows that UIA reported the incident on Nov. 3 as affecting nearly 584,000 individuals.”
The Maine Attorney General’s website (accessed 11/23/2021) reflects that 582,170 individuals were affected, including 51 Maine residents, during the data breach which occurred between August 29, 2021 and September 4, 2021.
Have You Been Impacted by A Data Breach?
If so, please complete the form on the right or contact Kehoe Law Firm, P.C., [email protected], for a free, no-obligation evaluation of potential legal claims.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.