On October 10, 2024, UT Southwestern was made aware of an unintentional improper disclosure of protected health information. UT Southwestern has received no indication that the information has been used inappropriately but is notifying those involved out of an abundance of caution and in accordance with UTSW policy.
Workforce members using a third-party calendar management tool inadvertently permitted vendor access to some calendars, which in some instances included patients’ protected health information.
This may have included information such as name, date of birth, medical record number, phone number, date of service of planned services, medical diagnosis, lab results, medication information, insurance benefits information, and, in some instances, partial social security numbers. It did not include credit card numbers or other financial account information.
UTSW has implemented robust processes to limit the amount of information shared with third-party vendors and will continue monitoring for sensitive data leaving its network and systems.
UNC Health, Duke Health Form Partnership for Stand-alone Children's Hospital
Sarasota Memorial Hospital Plans to Build New Facility in North Port
CMMS, Data and the Path to Compliance
Healthcare is a Major Ransomware Target
Woodland Recovery Center to Expand with New Facility in Mississippi