LOUISVILLE, KY – August 18, 2023 – UofL Health, Inc. announced today that it is mailing letters to patients whose information may have been involved in a recent privacy incident.
If you received a letter, please refer to the additional information below:
On June 1, 2023, UofL Health received an alert from its external security vendor that it may have been one of the thousands of organizations affected by the MOVEit software vulnerability. A small handful of UofL Health medical practices employed the software to securely transfer patient information. UofL Health promptly engaged a forensic investigator to determine the effects, if any, of the third-party vulnerability on UofL Health and its patients. On June 21, 2023, the forensic investigator finished its investigation revealing that the vulnerability allowed an unauthorized party to access certain files.
What Information Was Involved?
Through its investigation, UofL Health determined that some of the files contained information about a small percentage of UofL Health patients that may have included patients’ names, dates of service, dates of birth, patient account numbers, member ID numbers, Social Security numbers, and addresses. No evidence suggests that this data has been further compromised and UofL Health has found no evidence that patient information has been misused.
This incident involved a vulnerability in third-party software and only affected information sent via that third-party software. The UofL Health network and electronic medical records databases were not compromised and there was no impact on the security or normal operations of UofL Health’s systems.
What We Are Doing
UofL Health is notifying the patients whose information was identified in the files involved in this incident. Additionally, UofL Health has created a dedicated, toll-free call center to answer any questions patients may have. For patients whose information is involved, UofL Health is offering complimentary credit monitoring and identity theft protection services.
UofL Health is committed to the confidentiality and security of patient information and continues to evaluate and enhance its security protocols for third-party service providers.
What You Can Do
Affected individuals: We still have no indication that the information has been misused, but we encourage you to actively monitor your personal information for the possibility of fraud and identity theft. You can review your credit report and credit card, bank, and other financial statements for any unauthorized activity. If you notice any suspicious charges, notify your financial institution immediately.
In addition, the notification letter we sent you provides additional steps that you can take to protect yourself, as well as instructions on how to enroll in a complimentary credit monitoring and identity theft protection service. This service will be completely free.
If you believe you have been the victim of identity theft or have reason to believe your information is being used to commit fraud, we urge you to immediately contact the police and file a police report. Obtain a copy of the police report as you may need to provide copies of the report to creditors to clear up your records. You may also contact the Federal Trade Commission and the Attorney General’s Office in your state. You may obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting companies. To order your annual free report, please visit www.annualcreditreport.com, call toll free at 1-877-322-8228, or directly contact the three nationwide credit reporting companies:
Equifax: 1-888-766-0008, https://www.alerts.equifax.com
Experian: 1-888-397-3742, https://www.experian.com/fraud/center.html
TransUnion: 1-800-680-7289, https://www.transunion.com/fraud-victim-resource/place-fraud-alert
Others: Your information was not identified in any files that were involved in the incident. However, it might be good practice to actively monitor your personal information for any suspicious activity. You can review your credit report and credit card, bank, and other financial statements for any unauthorized activity. If you notice any suspicious charges, notify your financial institution immediately.
For More Information
If you have questions, please call 833-627-2802, Monday through Friday, between 9 a.m. and 9 p.m., Eastern Time.