Last week, the University of Washington Medical Center (“UWMC”) issued a press release explaining the details of a recent data breach and corrective action undertaken. Specifically, in early October 2013, a UWMC employee opened an email attachment that contained malicious software (“malware”). The malware took control of the computer in use, which stored the data of roughly 90,000 patients from UWMC and Harborview Medical Center (“HMC”). UWMC discovered the incident the next day and began its investigation and remedial measures.
The breached data may include patient names, medical record numbers, demographic information including addresses and phone numbers, dates of service, charge amounts, Social Security numbers, Medicare numbers, and dates of birth. Notices were sent to all patients whose information was believed to have been breached. UWMC also set up a call center to answer any questions that affected patients may have.
In addition to notifying patients, UWMC notified appropriate governmental agencies of the incident. Cooley will continue to monitor government reactions and any enforcement actions that may result.