On September 26, 2023, West Virginia University Health System posted a website notice informing patients of a third-party data breach involving an incident that occurred at Nuance Communications. In this notice, WVU Medicine explains that the incident resulted in an unauthorized party being able to access patients’ sensitive information, which includes their names, dates of service, and reasons and descriptions of service. Upon completing its investigation, WVU Medicine began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Nuance Communications or West Virginia University Health System, it is essential you understand what is at risk and what you can do about it. While the incident didn’t affect WVU Medicine’s computer system, hackers were able to access patient data through one of WVU Medicine’s vendors. This necessarily exposes affected patients to a higher risk of identity theft. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the WVU Health System vendor data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting WVU Health System Patients?
The data breach affecting WVU Health System patients was only recently announced, and more information is expected in the near future. However, WVU Medicine’s September 26 website notice provides some information on what led up to the breach.
According to this source, the incident involved a data breach at Nuance Communications (“Nuance”), which is a Microsoft-owned software company based in Burlington, Massachusetts. While WVU Medicine’s notice doesn’t explain how the breach occurred, Nuance recently submitted its own data breach notice based on an incident involving a vulnerability in MOVEit, a popular file-transfer application. While it cannot be confirmed the two incidents are related, it appears that they are.
Evidently, the Nuance data breach affected certain WVU Medicine patients who received radiology services. While the breached information varies depending on the individual, it may include your name, date of service, and reason and description of service.
On September 26, 2023, WVU Health System posted a public notice on its website informing patients of the breach. In this notice, WVU Medicine indicated that Nuance Communications previously sent out data breach notices to anyone affected by the incident. These letters should provide victims with a list of what information belonging to them was compromised.
Note that this incident did not involve hackers breaching WVU Medicine’s IT network.
More Information About West Virginia University Health System
Founded in 1996, the West Virginia University Health System is a large healthcare system based out of Morgantown, West Virginia. WVU Medicine operates hospitals and health institutes throughout West Virginia, Maryland, and Ohio, including WVU Cancer Institute, WVU Eye Institute, WVU Heart and Vascular Institute, WVU Rockefeller Neuroscience Institute, and WVU Critical Care and Trauma Institute. WVU Health System employs more than 25,880 people and generates approximately $4 billion in annual revenue.