Westat, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Westat, Inc. Data Breach Overview

Westat, Inc., a research and communications company based in Rockville, Maryland, experienced a data breach due to a vulnerability in the MOVEit file-transfer software created by Progress Software. The breach was discovered when Westat detected unusual activity on its MOVEit server on May 30, 2023. An investigation revealed that an unauthorized party accessed and potentially removed files containing sensitive consumer information between May 28 and May 29, 2023[1][4].

Details of the Breach

The compromised information includes names, Social Security numbers, and protected health information. The total number of affected individuals is approximately 70,000, based on filings with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) on October 13 and November 3, 2023[1]. Westat began sending out data breach notification letters to the affected individuals, advising them on how to protect themselves from potential fraud or identity theft[1].

Response and Mitigation

Upon discovering the breach, Westat took immediate steps to secure its environment and engaged third-party cybersecurity specialists to conduct a comprehensive investigation. The company has since implemented all the software security patches provided by MOVEit. Additionally, Westat is offering 12 months of credit monitoring and identity restoration services through IDX, a ZeroFox Company, to those impacted[11].

Broader Impact

The MOVEit software vulnerability affected numerous organizations worldwide, including healthcare providers and other businesses. Westat was one of several entities that reported data breaches due to this vulnerability[5][7]. The breach at Westat specifically affected various healthcare providers, including Henry Ford Health and other entities that Westat provides data management services for[1].

Legal and Consumer Information

Affected individuals have been encouraged to remain vigilant by monitoring their account statements and credit reports for suspicious activity. Legal options may be available to those impacted, and data breach lawyers are investigating the incident to determine potential remedies[6][10].

Company Profile

Westat, founded in 1963, employs more than 1,700 people and generates approximately $367 million in annual revenue. The company offers a range of services, including surveys, program assessments, clinical trials management, epidemiological studies, and communication strategies[1].

Conclusion

The Westat data breach is a significant incident that underscores the importance of cybersecurity measures and the potential risks associated with software vulnerabilities. Affected individuals should take the recommended steps to protect their personal information and consider legal advice if necessary.

Citations:

  1. https://www.jdsupra.com/legalnews/westat-announces-data-breach-affecting-6907592/
  2. https://consumer.sc.gov/sites/consumer/files/Documents/Security%20Breach%20Notices/WestatInc.pdf
  3. https://www.teiss.co.uk/news/westat-inc-reports-data-breach-due-to-moveit-software-vulnerability-13138
  4. https://www.doj.nh.gov/consumer/security-breaches/documents/westat-20230721.pdf
  5. https://www.hipaajournal.com/october-2023-healthcare-data-breach-report/
  6. https://www.turkestrauss.com/2023/07/25/westat-data-breach-investigation/
  7. https://konbriefing.com/en-topics/cyber-attacks-moveit-victim-list.html
  8. https://apps.web.maine.gov/online/aeviewer/ME/40/5f2fb11a-3b55-4a52-aa09-d50b7a996691.shtml
  9. https://www.mydailyrecord.com/news/personal-info-of-local-patients-risked-in-data-breach/article_f04a39a8-7023-11ee-84a5-6f4388be8b2a.html
  10. https://www.myinjuryattorney.com/data-breach-investigation-westat/
  11. https://www.renown.org/About/Westat
  12. https://www.postandcourier.com/health/data-breach-by-vendor-could-affect-some-patients-of-musc-health-but-no-known-damage/article_7a1ba422-6c51-11ee-a081-5325360d1079.html
  13. https://www.fayobserver.com/story/news/2023/10/20/data-breach-affects-hospital-patients-n-fayetteville-nc/71229110007/
Breach Submission Date Oct 13, 2023
Converted Entity Name Westat, Inc.
Converted Entity Type Business Associate
State MD
Individuals Affected 50,065
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes