Medical Center Reports Security Breach Affecting 90,000 Patients

A recent incident at the University of Washington Medical Center (UWMC) potentially exposed patient information and put the medical center at risk. According to a Nov. 22 announcement by UWMC, an employee opened an e-mail attachment containing malware that took over the employee’s computer and exposed information about patients. The information may have included names, Social Security numbers, birth dates, and other information about patients treated at UWMC and Harborview Medical Center, both in Seattle. The breach was discovered by staff the following day, and they took immediate action to prevent further incursions and notified the Federal Bureau of Investigation. Investigators do not believe the patient data was the target of the breach. The UW Medicine system consists of eight hospitals, clinics, and other kinds of treatment facilities. The 90,000 patients will receive a direct mail correspondence from the medical center apologizing for any inconvenience or concern the affected patients may experience. In addition, UW Medicine has set up a call center managed by an identity expert to answer questions from affected patients or others that may have questions about actions they may take to protect themselves. A review of security procedures and a training and outreach effort have also been initiated for employees. Takeaway: Employees must always follow security procedures when working on any computer that may have a link to their hospital or laboratory computer network.