LOUISVILLE, Ky., Aug. 18, 2023 /PRNewswire/ — UofL Health announced today that it is mailing letters to patients whose information may have been involved in a recent privacy incident. This incident involved a vulnerability in third-party software and only affected information sent via that third-party software. The UofL Health network and electronic medical records databases were not compromised and there was no impact on the security or normal operations of UofL Health’s systems. 

On June 1, 2023, UofL Health received an alert from its external security vendor that it may have been one of the thousands of organizations affected by the MOVEit software vulnerability. A small handful of UofL Health medical practices employed the software to securely transfer patient information. UofL Health promptly engaged a forensic investigator to determine the effects, if any, of the third-party vulnerability on UofL Health and its patients. On June 21, 2023, the forensic investigator finished its investigation revealing that the vulnerability allowed an unauthorized party to access certain files.

Through its investigation, UofL Health determined that some of the files contained information about a small percentage of UofL Health patients that may have included patients’ names, dates of service, dates of birth, patient account numbers, member ID numbers, Social Security numbers, and addresses. No evidence suggests that this data has been further compromised and UofL Health has found no evidence that patient information has been misused.

UofL Health is notifying the patients whose information was identified in the files involved in this incident. Additionally, UofL Health has created a dedicated, toll-free call center to answer any questions patients may have. If you have questions, please call 833-627-2802, Monday through Friday, between 9 a.m. and 9 p.m., Eastern Time. For patients whose information is involved, UofL Health is offering complimentary credit monitoring and identity theft protection services.

UofL Health is deeply committed to the confidentiality, security, and safety of information in its care. UofL Health’s existing policies and procedures allowed it to quickly address the vulnerability disclosed by the vendor and minimize the impact to patients. In the wake of this incident, UofL Health has continued to implement additional technological and administrative measures to safeguard personal information, including a review of protocols related to third-party vendors.

Additional information can be found on UofL Health’s website at www.uoflhealth.org.

About UofL Health:

UofL Health is a fully integrated regional academic health system with eight hospitals, four medical centers, Brown Cancer Center, Eye Institute, nearly 200 physician practice locations, and more than 1,000 providers in Louisville and the surrounding counties, including southern Indiana. Additional access to UofL Health is provided through a partnership with Carroll County Memorial Hospital.

With more than 13,000 team members – physicians, surgeons, nurses, pharmacists and other highly-skilled health care professionals, UofL Health is focused on one mission: to transform the health of communities we serve through compassionate, innovative, patient-centered care.

Contact: David McArthur, 502-588-4444, [email protected]

SOURCE UofL Health