The University of Virginia Health System is letting almost 2,000 patients know that their health records may have been exposed when an unauthorized third party gained access to a staffer’s computer several years ago.
How many victims? UVA is notifying 1,882 patients that their data may have been involved.
What type of information? Patient information, which may have included names, diagnoses, treatment information, dates of birth and addresses. Patients’ Social Security numbers and financial information were not viewable.
What happened? According to UVA, an unnamed third party gained access and placed malware on a physicians’ laptop enabling that person to see what the doctor was viewing when the computer was in use. The malware was in place from May 3, 2015 to December 27, 2016. The laptop was used to conduct a variety of UVA Health System business, including accessing medical records and other documents related to patient information.
What was the response? UVA learned of the breach on December 23, 2017 and contacted law enforcement, including the FBI. The unnamed third party has since been arrested and UVA noted that it does not believe the criminal used the information in a malicious manner.
On February 21 the health facility started notifying those involved and has set up a call center, 866-291-7429, to handle any patient inquiries regarding the incident.
Quote: “We recommend that affected patients review the statements received from their health insurer. If there are charges for services the patient did not receive, please contact the insurer immediately. We are sorry this happened and regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we are enhancing the security measures required to remotely access UVA Health System information,” UVA said in a statement.