UW Medicine reports computer security breach into files of 90,000 patients

SEATTLE -- A computer security breach at UW Medicine led to the downloading of malware that enabled outside access to the data files of about 90,000 Harborview Medical Center and the UW Medical Center patients, UW Medicine said on its website.

"Based on the results of an internal investigation, it is believed that patient information was not sought or targeted," UW Medicine said in its Nov. 27 website post. "However, the malware accessed the data files of roughly 90,000 Harborview Medical Center and University of Washington Medical Center patients."

The Seattle Times said Social Security numbers of about 15,000 patients may have been stolen, and that UW Medicine is going to offer some patients a free credit-monitoring service for a period of time.

UW Medicine said the incident was referred to the FBI and that patients may be contacted by the FBI as part of its investigation.

"In early October 2013, a UW Medicine employee opened an email attachment that contained malicious software (malware)," the post said. "The malware took control of the computer, which had patient data stored on it. UW Medicine staff discovered this incident the following day and immediately took measures to prevent any further malicious activity."

It said data about patients may have included: name, medical record number, other demographics (which may include address, phone number), dates of service, charge amounts for services received at UW Medicine, Social Security Number or HIC (Medicare) number, and date of birth.

"The affected patients will receive direct mail correspondence from UW Medicine. In addition, a vendor (ID Experts) will be managing a call center on behalf of UW Medicine. Beginning November 29th, the call center hours are 6 AM-6 PM Pacific Standard Time, Monday-Friday. The toll-free phone number is 1-877-271-1533, (International callers, please call 503-597-7682)," the UW Medicine post said.

"UW Medicine is committed to providing quality care and protecting patients’ personal information, and sincerely apologizes for the inconvenience and concern this may be for affected patients," it added.