Cape Fear Valley Health reports MOVEit related third party data breach
Learn More
A data breach affecting patients at Cape Fear Valley Health, based in Fayetteville, is reported by the hospital system. The breach, which occurred in May, involved the unauthorized copying of private patient information, as reported by Westat Inc., a research services company that was handling the patient data.
The breach incident was detected when Westat observed unusual activity within its MOVEit instance, a software tool used for data management. On May 31, Progress, the company behind MOVEit Transfer software, announced a security flaw in the software, indicating a potential vulnerability that could have contributed to the breach.
The breach affected approximately 1,943 patients, primarily involving records with dates of service between February 2022 and May 2023, although one patient's data was from an earlier date in August 2021.
The compromised data includes
- name,
- address,
- date of birth,
- sex,
- date of service,
- provider,
- diagnosis,
- payer,
- other claims-related information.
While Westat has no evidence of personal information misuse resulting from the breach, individuals are advised to remain vigilant against potential identity theft by reviewing account statements and benefit explanations for any unusual activity and reporting any suspicious activity to the relevant insurance company, healthcare provider, or financial institution.
