An unauthorized third party may have accessed the protected health information of nearly 1,882 University of Virginia Health System's patients that was stored on a physician's laptop and other devices.
UVA Health System discovered Dec. 23, 2017 a third party may have been able to view patients' protected health information from May 3, 2015, to Dec. 27, 2016. The health system has been working with the FBI and has been conducting an internal investigation, which found devices used by one of its physicians had been infected with malware that allowed the unauthorized individual to see what the physician was viewing on his devices at the same time.
The physician would use his devices to access medical records and other documents containing patient information, which may have included patients' names, diagnoses, treatment information, dates of birth and addresses. Social Security numbers and financial information were not compromised. UVA Health System's investigation could not conclude whether or not the third party actually viewed any data.
According to the FBI, the third party has been arrested. The individual did not take, use or share patients' data, but out of an abundance of caution, UVA Health System mailed letters to affected patients on Feb. 21, 2018.
"We are sorry this happened and regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we are enhancing the security measures required to remotely access UVA Health System information," the notice reads.
Becker's Hospital Review reached out to UVA Health System for comment. This article will be updated should more information become available.
More articles on cybersecurity:
What's up with cryptocurrencies? 5 coin values as of Feb. 20
Siemens, IBM join 6 other tech companies to launch cybersecurity charter
The most common type of data breach in hospitals? Paper records, study suggests