Almost 1 million UW Medicine patients' information exposed in data breach

SEATTLE -- UW Medicine is sending letters to 974,000 patients about a data breach that exposed some of their information on the internet.

According to UW Medicine, a "vulnerability" on a website server made protected internal files available and visible by searching on the internet. The website error happened Dec. 4, but wasn't discovered by UW Medicine until Dec. 26.

The files that went public did not contain any medical records, patient financial information or Social Security numbers. They included protected health information and reporting that UW Medicine is legally required to track. The files contained patients’ names, medical record numbers, and a description and purpose of the information.

The files have since been removed from public view, and UW officials say they have taken steps to remove information that was saved to third-party sites.

"At this time, there is no evidence that there has been any misuse or attempted use of the information exposed in this incident," the news release said.

UW is sending letters to the affected patients, and the data breach has been reported to the Office for Civil Rights.

The university has also hired a vendor, ID Experts, to manage a call center and website.

The call center will open Feb. 20. Its hours will be 5 a.m. - 5 p.m. Monday-Friday. The phone number is 844-322-8234.

"We sincerely regret that this incident occurred and apologize for any distress this may cause our patients and their families. UW Medicine is committed to providing quality care while protecting patients’ personal information. We are reviewing our internal protocols and procedures to prevent this from happening again," UW Medicine said in a prepared statement.