University of Colorado Hospital Authority Announces Third-Party Data Breach Following Incident at Diligent Corporation

Console and Associates, P.C.

On January 17, 2023, the University of Colorado Hospital Authority (“UCHealth”) filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after learning about a cybersecurity incident at one of the organization’s vendors, Diligent Corporation. Based on a notice provided on the UCHealth website, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, financial account information, dates of birth, and protected health information. After confirming that consumer data was leaked, the University of Colorado Hospital Authority began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you are among the 48,879 individuals who received a data breach letter from UCHealth, it means that your sensitive information was leaked in the recent Diligent Corp. data breach. As we’ve discussed in prior posts, cybercriminals routinely target healthcare providers and related companies in hopes of obtaining information they can use to commit identity theft and other frauds. Thus, as a result of the UCHealth / Diligent data breach, you are now at a significantly increased risk of being the target of identity theft or other frauds.

What We Know So Far About the Diligent Corporation Breach

The available information regarding the Diligent Corporation breach comes from the UCHealth filing with the U.S. Department of Health and Human Services Office for Civil Rights. UCHealth also posted a notice of the data breach on its website. According to these sources, Diligent Corp. is a software company that provides business operations tools for UCHealth. Recently, Diligent informed UCHealth that it had experienced a cybersecurity incident impacting its computer network that compromised certain information related to UCHealth patients. However, UCHealth’s systems, including its email and electronic medical record, were not impacted by this incident.

Upon discovering that sensitive consumer data was made available to an unauthorized party, UCHealth began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, financial account information, date of birth, and protected health information.

On January 17, 2023, Diligent Corporation sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

About the University of Colorado Hospital Authority

University of Colorado Hospital Authority is a locally owned, private, not-for-profit healthcare organization based in Aurora, Colorado. UCHealth serves patients throughout Colorado, southern Wyoming and western Nebraska, providing a wide range of healthcare and healthcare-related services. UCHealth operates or is affiliated with over 600 offices. UCHealth employs more than 27,000 people and generates approximately $5.4 billion in annual revenue.

About Diligent Corporation

Diligent Corporation is a software-as-a-service company based in New York City, New York. The company develops software focused on governance, risk and compliance. Diligent has more than 25,000 customers and over one million active users. Diligent Corp. employs more than 760 people and generates approximately $250 million in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide