MUSC Health Hospitals Caught in Westat Data Breach

Westat experienced a data breach through a vulnerability in the MOVEit software.

By HFT Staff


Westat provides research support and services pursuant to hospital and provider contracts with certain governmental agencies, including Medical University Hospital Authority’s MUSC Health hospitals. Westat Inc. is providing notice of a recent incident that may affect the privacy of some personal and/or medical information collected from Medical University Hospital Authority’s hospitals. Westat is unaware of any misuse of individual information and is providing this notice out of an abundance of caution. 

Westat utilized MOVEit Transfer third-party software to manage data it collected and/or maintained on behalf of other organizations. On May 30, 2023, Westat detected unusual activity occurring in its MOVEit instance. Westat immediately took steps to ensure the security of its environment. The following day, MOVEit announced a software vulnerability had affected many companies across various industries. With the assistance of third-party forensic specialists, Westat investigated to determine the nature and scope of the activity. 

The investigation determined that certain data stored on the MOVEit server may have been copied without authorization between May 28 and May 29. Westat conducted a detailed review of the data involved to determine the type of information that was present and to whom it was related. This review confirmed that certain information belonging to medical providers was present in the affected data and was accessed or acquired during the MOVEit incident. Upon completion of this analysis, Westat notified governmental agency partners and affected medical providers and is now providing notification to affected individuals at the direction of certain medical providers involved. 

The types of personal information that may have been copied by the unauthorized actor include patient demographics such as name, address, medical record number, provider name(s), dates of service and date of birth; insurance coverage details; and patient diagnosis codes related to patients’ hospital visits. 



October 19, 2023


Topic Area: Information Technology , Security


Recent Posts

Henry Ford Health to Pay Settlement in Data Breach Lawsuit

The settlement comes more than a year after the March 2023 data breach.


Shots Fired Inside Kentucky Hospital

A police officer shot the alleged gunman once, hitting him.


Ground Broken on Expansion of UNM Hospital Children's Psychiatric Center

The construction process is expected to take two years to complete.


What Amenities Can Relieve Stress at Children's Hospitals?

Hospital admissions can be stressful, but designers are looking for ways to help ease this tension.


Riverview Health Experiences E-mail Account Data Breach

The incident was detected on August 23.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.