LOUISVILLE, Ky. (WDRB) -- UofL Health shared more details Tuesday about the hack of a third-party software it uses.
According to letters sent to some patients, their social security numbers, insurance information, and other private health information was stolen.
UofL Health said hackers got into its "MOVEit" software, which is used by several of its practices as well as hospitals and medical organizations across the country.
The Louisville hospital system wouldn't say how many patients might be impacted, but that it was only a "small percentage."
UofL said none of its own electronic medical databases were compromised.
Below is the full statement released by UofL Health to WDRB News on Tuesday:
"UofL Health recently learned that it may have been one of the thousands of organizations affected by the MOVEit software vulnerability. A small handful of UofL Health medical practices employed the software to securely transfer patient information. UofL Health promptly engaged a forensic investigator to determine the effects, if any, of the third-party vulnerability on UofL Health and its patients.
Through its investigation, UofL Health determined that some of the files contained certain information about a small percentage of UofL Health patients. It is important to note that this privacy incident involved a vulnerability in third-party software and only affected information sent via that third-party software. The UofL Health network and electronic medical records databases were not compromised and there was no impact on the security or normal operations of UofL Health’s systems.
We mailed notification letters to affected individuals in accordance with state and federal laws. The privacy and security of our patients’ information is critically important to us, and we are continuing to take steps to review and enhance our privacy protocols."
Related Stories:
Copyright 2023 WDRB Media. All Rights Reserved.
