Submitted by UW Medicine
On Dec. 26, 2018, UW Medicine became aware of a vulnerability on a website server that made protected internal files available and visible by a search on the internet on Dec. 4, 2018. The files contained protected health information about reporting that UW Medicine is legally required to track, such as reporting to various regulatory bodies in compliance with Washington state reporting requirements. When we learned of the exposure of the files to the internet, we took immediate steps to remove the information from the site and initiated appropriate measures to remove saved information from any third-party sites. At this time, there is no evidence that there has been any misuse or attempted use of the information exposed in this incident.
The files contained patients’ names, medical record numbers, and a description and purpose of the information. The files did not contain any medical records, patient financial information or any Social Security numbers.
Based on the results of our internal investigation, we are in the process of distributing letters to approximately 974,000 affected patients and have reported this incident to the Office for Civil Rights. Additionally, a trusted vendor, ID Experts, will be managing a call center and website (https://ide.myidcare.com/uwmedicine) on behalf of UW Medicine beginning Feb. 20. The call center hours are 5 a.m. to 5 p.m., Pacific Standard Time, Monday-Friday. The toll-free number is 844-322-8234.
We sincerely regret that this incident occurred and apologize for any distress this may cause our patients and their families. UW Medicine is committed to providing quality care while protecting patients’ personal information. We are reviewing our internal protocols and procedures to prevent this from happening again.