MUSC Health Hospitals Caught in Westat Data Breach

Westat experienced a data breach through a vulnerability in the MOVEit software.

By HFT Staff


Westat provides research support and services pursuant to hospital and provider contracts with certain governmental agencies, including Medical University Hospital Authority’s MUSC Health hospitals. Westat Inc. is providing notice of a recent incident that may affect the privacy of some personal and/or medical information collected from Medical University Hospital Authority’s hospitals. Westat is unaware of any misuse of individual information and is providing this notice out of an abundance of caution. 

Westat utilized MOVEit Transfer third-party software to manage data it collected and/or maintained on behalf of other organizations. On May 30, 2023, Westat detected unusual activity occurring in its MOVEit instance. Westat immediately took steps to ensure the security of its environment. The following day, MOVEit announced a software vulnerability had affected many companies across various industries. With the assistance of third-party forensic specialists, Westat investigated to determine the nature and scope of the activity. 

The investigation determined that certain data stored on the MOVEit server may have been copied without authorization between May 28 and May 29. Westat conducted a detailed review of the data involved to determine the type of information that was present and to whom it was related. This review confirmed that certain information belonging to medical providers was present in the affected data and was accessed or acquired during the MOVEit incident. Upon completion of this analysis, Westat notified governmental agency partners and affected medical providers and is now providing notification to affected individuals at the direction of certain medical providers involved. 

The types of personal information that may have been copied by the unauthorized actor include patient demographics such as name, address, medical record number, provider name(s), dates of service and date of birth; insurance coverage details; and patient diagnosis codes related to patients’ hospital visits. 



October 19, 2023


Topic Area: Information Technology , Security


Recent Posts

Design, Compartmentation, Training: How Defend-in-Place Strategies Can Protect Patients

Effective defend-in-place strategies depend on compartmentation, fire-rated assemblies and ongoing staff training to protect patients who cannot quickly evacuate.


Milestone Marked with Topping Out Ceremony for BayCare Hospital Manatee

Construction remains on schedule, with crews continuing work on interior spaces, infrastructure and clinical areas throughout the facility.


NYC Health + Hospitals Experiences Third-Party Data Breach

The healthcare organization was notified that a business associate, Solventum Health Information Systems, suffered a data security incident.


Making AI Work for Predictive Maintenance

AI can support predictive maintenance by helping managers anticipate equipment failures, reduce downtime and improve operational efficiency.


Thomas Jefferson University Unveils Plans for Sidney Kimmel Medical College in Allentown, PA

Located at One Center Square, in downtown Allentown, the campus will include more than 54,000 square feet of newly constructed medical education space.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.