Meadville Medical Center reports potential data breach of third party

Meadville Medical Center has issued a notice regarding a potential data breach concerning patient care. The breach is associated with Westat Inc., a company that offers a range of data collection and management services to various organizations as part of the National Hospital Care Survey (NHCS).

NHCS's primary objective is to gather data concerning patient care within hospital-based settings to analyze healthcare delivery and utilization trends in the United States. Meadville Medical Center actively participates in this survey and shares specific patient information with Westat to contribute to the collection of healthcare statistics for public health purposes.

The incident in question came to light on May 30, 2023, when Westat detected unusual activities within a third-party software vendor's system, affecting a substantial number of companies spanning different industries. Westat implemented security measures in collaboration with third-party forensic experts, initiating an investigation to ascertain the nature and extent of the incident.

Given the date of the event, it's probable that the incident is caused by MOVEit vulnerability.

Westat is in the process of notifying individuals who may have had their information accessed during the breach and is offering affected individuals 12 or 24 months of credit monitoring services. It appears that only general patient information from MMC was potentially compromised as a result of the Westat data breach.

No details are available about the exposed information or the number of affected individuals.