UW Medicine Data Error Exposes Patient Information—Valley’s Patient Data Remains Secure and is Not Affected
On Dec. 26, 2018, UW Medicine became aware of a vulnerability on a website server that made protected internal files available and visible by internet search on Dec. 4, 2018. The files contained protected health information (PHI) that UW Medicine is legally required to track and report to various regulatory bodies in compliance with Washington state reporting requirements. When UW Medicine learned of the exposure of the files to the internet, they took immediate steps to remove the information from the site and initiated appropriate measures to remove saved information from any third-party sites. At this time, there is no evidence that there has been any misuse or attempted use of the information exposed in this incident.
The files contained patients’ names, medical record numbers, and a description and purpose of the information. The files did not contain any medical records, patient financial information or Social Security numbers.
Rest Assured, Valley’s Patient Data Remains Secure
Valley Medical Center’s patient data was not exposed as it remains separate from UW Medicine. However, some Valley patients who also seek care at UW Medicine might have had their UW Medicine-specific data exposed in this incident.
Valley’s Data Security Measures are Robust
Valley’s digital security and monitoring program to prevent exposure and data breach is robust. Through prevention management, security tools and procedures, thorough response to attempted hacking and quarterly tests conducted by a trusted outside agency, Valley actively protects its patient health information.
What UW Medicine is Doing in Response & Who Concerned Patients Can Contact for More Information
Based on the results of their internal investigation, UW Medicine is sending a notification letter to approximately 974,000 affected patients and has reported this incident to the Office for Civil Rights. Additionally, a trusted vendor, ID Experts, will be managing related patient inquiries on behalf of all UW entities via their call center and website (https://ide.myidcare.com/uwmedicine), beginning February 20. The call center hours are 5 a.m. to 5 p.m., Pacific Standard Time, Monday-Friday. The toll-free number is 844.322.8234.
Sincere Regret from UW Medicine
UW Medicine offers their sincere regret that this incident occurred and apologizes for any distress this may cause patients and families. UW Medicine is committed to providing quality care while protecting patients’ personal information. They are reviewing internal protocols and procedures to prevent this from happening again.