UT Southwestern Medical Center impacted by MOVEit vulnerability breach, patient data stolen
Take action: UT Southwestern Medical Center in Dallas suffered a cyberattack when an unknown individual exploited a previously unknown vulnerability in their software on May 28. The breach allowed the attacker to gain access to files stored on the hospital's MOVEit server, potentially compromising patient data, including protected health information such as names, medical record numbers, dates of birth, medication details, and prescribing providers. Additionally, a limited number of patients may have had their social security numbers accessed during the breach. The hospital's privacy office confirmed the theft of some protected health information. UT Southwestern is among several organizations across the country targeted by this cyberattack, all of which were using MOVEit software. The hospital is currently in the process of notifying impacted patients through mail, providing them with details about the information that was stolen. Although the exact number of affected patients is not yet available, the hospital is taking immediate measures to secure their systems and networks, and they have not received any reports of the stolen data being used maliciously. In a statement, UT Southwestern expressed regret for the incident and the potential worry, distress, or difficulty it may cause the affected patients.
Learn More
UT Southwestern Medical Center in Dallas suffered a cyberattack by exploiting the vulnerability in the hospital's MOVEit server, potentially compromising patient data.
The attacker managed to gain access to files containing protected health information such as
- names,
- medical record numbers,
- dates of birth,
- medication details,
- prescribing providers.
Additionally, a limited number of patients may have had their social security numbers accessed during the breach.
The hospital's privacy office confirmed the theft of some protected health information.
The hospital is currently in the process of notifying impacted patients through mail, providing them with details about the information that was stolen. Although the exact number of affected patients is not yet available, the hospital is taking immediate measures to secure their systems and networks, and they have not received any reports of the stolen data being used maliciously.
