By HFT Staff

UT Southwestern Medical Center (UTSW) was one of the many organizations, both nationally and internationally, that experienced a cybersecurity attack affecting MOVEit software, which securely moves large data files between networks. On May 30, 2023, it was brought to the attention of the UTSW Privacy Office that on May 28, 2023, an unknown individual exploited a previously unidentified vulnerability within the software, which allowed access to the files stored within UTSW’s MOVEit server. 

As a result of this attack, the UTSW Privacy Office confirmed the theft of certain protected health information. Based on the analysis of the stolen files, patient data varied and may have included name, medical record number, date of birth, name of medication, dosage of medication, prescribing provider and, for a smaller number, Social Security information. 

UT Southwestern is in the process of contacting each impacted patient through direct mail with specifics on the information that was stolen. Once the attack was detected, UT Southwestern immediately took steps to secure systems and networks and limit the amount of information housed within its MOVEit server. A multidisciplinary team at UT Southwestern began identifying both individuals and types of data impacted to prepare notifications. UTSW is now sending personalized notifications to individuals affected to explain the type of data involved. Monitoring for any additional suspicious activities is ongoing and continuous.