UT Southwestern Medical Center Hit in MOVEit Software Vulnerability

UTSW is another victim in a long line of cyberattacks due to vulnerabilities through the MOVEit software.

By HFT Staff


UT Southwestern Medical Center (UTSW) was one of the many organizations, both nationally and internationally, that experienced a cybersecurity attack affecting MOVEit software, which securely moves large data files between networks. On May 30, 2023, it was brought to the attention of the UTSW Privacy Office that on May 28, 2023, an unknown individual exploited a previously unidentified vulnerability within the software, which allowed access to the files stored within UTSW’s MOVEit server. 

As a result of this attack, the UTSW Privacy Office confirmed the theft of certain protected health information. Based on the analysis of the stolen files, patient data varied and may have included name, medical record number, date of birth, name of medication, dosage of medication, prescribing provider and, for a smaller number, Social Security information. 

UT Southwestern is in the process of contacting each impacted patient through direct mail with specifics on the information that was stolen. Once the attack was detected, UT Southwestern immediately took steps to secure systems and networks and limit the amount of information housed within its MOVEit server. A multidisciplinary team at UT Southwestern began identifying both individuals and types of data impacted to prepare notifications. UTSW is now sending personalized notifications to individuals affected to explain the type of data involved. Monitoring for any additional suspicious activities is ongoing and continuous.   



July 27, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

ISSA Introduces Healthcare Platform to Advance Safer, Cleaner Patient Environments

This new resource integrates training, research and cross-sector collaboration to raise care standards and improve patient outcomes.


Third-Party Tracking Settlement is a Compliance Wake-Up Call for Healthcare Facilities Managers

Mount Sinai Health System agrees to a $5.3 million settlement to resolve claims it improperly shared patient data with Facebook through tracking tools.


ECU Health Behavioral Health Hospital Hosts Ribbon-Cutting Ceremony for New Facility

The new facility features 144 beds and a healing environment for behavioral health patients.


Aspire Rural Health System Reports Data Security Incident

Upon detecting the unauthorized activity, Aspire immediately worked to contain the incident and launched a thorough investigation.


Fatal Flaws: Strategies for Active Attackers

Anything that goes wrong with the response is the liability exposure of the organization — not the employee and not the police.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.