A Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal.
The breach at the Utah Valley Eye Center in Provo, Utah, that exposed patient emails once again highlights third-party risk in terms of data security. It also sheds light on the added requirements of medical providers under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) when data breaches occur.