Incident that exposed emails to a PayPal scam once again highlights the persistent nature of third-party security risk. Utah eye clinic is in the process of informing 20,000 patients that they were the victims of a data breach that happened a year and a half ago and linked patients to a scam involving PayPal. In line with HIPAA, administrators said they reported the incident to the Department of Health and Human Services, even though no personal medical information was accessed. A report released a year ago by the Ponemon Institute found that 61 percent of U.S. companies said they experienced a data.
Source: https://threatpost.com/eye-clinic-breach-reveals-data-of-20000-patients/149878/