UVA Health System notifies 1,882 patients about potential privacy issue
UVA Health System is notifying 1,882 patients that an unauthorized third party may have been able to view some of their private health information on a UVA physician’s laptop computer and other devices.
On Dec. 23, 2017, University of Virginia Health System learned that this third party may have been able to view patient information on these devices from May 3, 2015, to Dec. 27, 2016.
UVA has been working with the Federal Bureau of Investigation in its investigation and conducted an internal investigation. The investigations determined that the UVA Health System physician’s devices were infected with malicious software that allowed the third party to see what the physician was viewing on his devices at the same time.
During this time period, the physician would conduct UVA Health System business from his devices, which included accessing medical records and other documents containing patient information. The investigations could not rule out that the third party may have been able to view some patient information, which may have included patients’ names, diagnoses, treatment information, addresses and dates of birth. Patients’ Social Security numbers and financial information were not viewable. UVA Health System continues to cooperate with the FBI in its investigation.
The FBI has advised UVA Health System that the third party has been arrested and did not take, use or share patients’ information in any way. But as a precaution, UVA Health System mailed letters to affected patients on Feb. 21, 2018. UVA Health System is also providing a dedicated call center for affected patients. Patients with questions or who need more information can call 1.866.291.7429 between 9 a.m.-5 p.m. Eastern Time, Monday through Friday. More information can be found at the UVA Health System website. UVA Health System recommends that affected patients review statements they receive from their health insurance provider and to contact their insurer immediately if there are charges for services they did not receive.
UVA Health System apologizes for this incident and regrets any inconvenience or concern this causes our patients. To help prevent something like this from occurring in the future, UVA Health System has enhanced the security measures required to remotely access patient information.