UofL Health
Your Personal Info Could Be Exposed Online After This Hospital Breach
Breach Description
UofL Health, based in Louisville, Kentucky, experienced a data breach due to a vulnerability in third-party software called MOVEit. The incident was first identified on June 1, 2023, when UofL Health received an alert from its external security vendor. A forensic investigation, concluded on June 21, 2023, revealed that an unauthorized party had accessed certain files containing patient information. The compromised data may have included patients’ names, dates of service, dates of birth, patient account numbers, member ID numbers, Social Security numbers, and addresses. However, there was no evidence that the data had been further compromised or misused[1][4][7][10].
The breach was part of a larger incident affecting the MOVEit software, which impacted millions of people across various industries. The vulnerability was disclosed by MOVEit on May 31, and a patch was deployed the same day[10]. UofL Health was one of the thousands of organizations affected by this breach, which also involved other health systems like Johns Hopkins Medicine and Harris Health System[10].
UofL Health’s network and electronic medical records databases were not compromised, and the breach did not impact the security or normal operations of UofL Health’s systems[1][4]. The health system has taken steps to notify affected patients and is offering complimentary credit monitoring and identity theft protection services. It has also established a dedicated call center to answer any questions from patients[1][14].
In response to the incident, UofL Health has continued to implement additional technological and administrative measures to safeguard personal information, including reviewing protocols related to third-party vendors[7][14]. Affected individuals are encouraged to monitor their personal information for signs of fraud and identity theft and to contact credit reporting companies if any suspicious activity is detected[1].
Citations:
- [1] https://uoflhealth.org/moveit/
- [2] https://ufhealth.org
- [3] https://www.bizjournals.com/louisville/news/2021/06/25/uofl-health-data-breach.html
- [4] https://www.whas11.com/article/news/health/small-number-uofl-health-patients-impacted-by-moveit-data-breach/417-5c5a71ea-5a2e-4bc9-8aa9-0bb2e14b6a6b
- [5] https://kykernel.com/99966/news/former-uk-students-weapon-possession-charges-reduced/
- [6] https://www.wdrb.com/news/uofl-cybersecurity-expert-says-size-of-norton-healthcare-made-it-a-target-for-hackers/article_3183fc8e-f0f8-11ed-a137-23495b84afaa.html
- [7] https://www.insideindianabusiness.com/articles/uofl-health-details-privacy-incident
- [8] https://mycb.castlebranch.com
- [9] https://louisville.edu/privacy
- [10] https://www.beckershospitalreview.com/cybersecurity/kentucky-health-system-falls-victim-to-massive-moveit-breach.html
- [11] https://kykernel.com/99729/news/former-uk-student-arrested-for-wanton-endangerment-after-allegedly-making-threats/
- [12] https://www.wdrb.com/news/uofl-health-says-some-patients-impacted-by-third-party-software-hack/article_04bbd4cc-46e0-11ee-a5b6-c3a57adacda8.html
- [13] https://healthitsecurity.com/news/uofl-health-data-breach-occurs-after-phi-sent-to-wrong-email
- [14] https://www.prnewswire.com/news-releases/uofl-health-update-on-previously-disclosed-privacy-incident-301904670.html
- [15] https://www.wdrb.com/news/uofl-health-says-systems-not-impacted-by-hack-of-third-party-company/article_df4add2c-1d37-11ee-a02a-5313b7593400.html
- [16] https://www.courier-journal.com/story/news/local/2023/03/24/lawsuit-says-uofl-health-shares-patient-data-with-facebook-parent-meta/70043128007/