Westat, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Westat, Inc. Data Breach Overview
Westat, Inc., a research and communications company based in Rockville, Maryland, experienced a data breach due to a vulnerability in the MOVEit file-transfer software created by Progress Software. The breach was discovered when Westat detected unusual activity on its MOVEit server on May 30, 2023. An investigation revealed that an unauthorized party accessed and potentially removed files containing sensitive consumer information between May 28 and May 29, 2023[1][4].
Details of the Breach
The compromised information includes names, Social Security numbers, and protected health information. The total number of affected individuals is approximately 70,000, based on filings with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) on October 13 and November 3, 2023[1]. Westat began sending out data breach notification letters to the affected individuals, advising them on how to protect themselves from potential fraud or identity theft[1].
Response and Mitigation
Upon discovering the breach, Westat took immediate steps to secure its environment and engaged third-party cybersecurity specialists to conduct a comprehensive investigation. The company has since implemented all the software security patches provided by MOVEit. Additionally, Westat is offering 12 months of credit monitoring and identity restoration services through IDX, a ZeroFox Company, to those impacted[11].
Broader Impact
The MOVEit software vulnerability affected numerous organizations worldwide, including healthcare providers and other businesses. Westat was one of several entities that reported data breaches due to this vulnerability[5][7]. The breach at Westat specifically affected various healthcare providers, including Henry Ford Health and other entities that Westat provides data management services for[1].
Legal and Consumer Information
Affected individuals have been encouraged to remain vigilant by monitoring their account statements and credit reports for suspicious activity. Legal options may be available to those impacted, and data breach lawyers are investigating the incident to determine potential remedies[6][10].
Company Profile
Westat, founded in 1963, employs more than 1,700 people and generates approximately $367 million in annual revenue. The company offers a range of services, including surveys, program assessments, clinical trials management, epidemiological studies, and communication strategies[1].
Conclusion
The Westat data breach is a significant incident that underscores the importance of cybersecurity measures and the potential risks associated with software vulnerabilities. Affected individuals should take the recommended steps to protect their personal information and consider legal advice if necessary.
Citations:
- https://www.jdsupra.com/legalnews/westat-announces-data-breach-affecting-6907592/
- https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/WestatInc.pdf
- https://www.teiss.co.uk/news/westat-inc-reports-data-breach-due-to-moveit-software-vulnerability-13138
- https://www.doj.nh.gov/consumer/security-breaches/documents/westat-20230721.pdf
- https://www.hipaajournal.com/october-2023-healthcare-data-breach-report/
- https://www.turkestrauss.com/2023/07/25/westat-data-breach-investigation/
- https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html
- https://apps.web.maine.gov/online/aeviewer/ME/40/5f2fb11a-3b55-4a52-aa09-d50b7a996691.shtml
- https://www.mydailyrecord.com/news/personal-info-of-local-patients-risked-in-data-breach/article_f04a39a8-7023-11ee-84a5-6f4388be8b2a.html
- https://www.myinjuryattorney.com/data-breach-investigation-westat/
- https://www.renown.org/About/Westat
- https://www.postandcourier.com/health/data-breach-by-vendor-could-affect-some-patients-of-musc-health-but-no-known-damage/article_7a1ba422-6c51-11ee-a081-5325360d1079.html
- https://www.fayobserver.com/story/news/2023/10/20/data-breach-affects-hospital-patients-n-fayetteville-nc/71229110007/