Some WVU Medicine patients have information taken in data breach

Published: Sep. 26, 2023 at 1:18 PM EDT

MORGANTOWN, W.Va (WDTV) - Some WVU Medicine patients have had their information taken in a data breach.

According to a release from WVU Medicine, the data breach occurred through Nuance Communications, which provides software solutions to West Virginia United Health System, or WVUHS.

Nuance Communications used the third-party data transfer system MOVEit Transfer, which reportedly had a “previously unknown vulnerability in their software that allowed an unauthorized third party to take information.”

The following facilities were affected by the data breach:

  • WVU Hospitals, Inc (which includes J.W. Ruby Memorial Hospital)
  • Summersville Regional Medical Center
  • Reynolds Memorial Hospital
  • Berkeley Medical Center
  • Jefferson Medical Center
  • Potomac Valley Hospital, Inc.
  • United Summit Center
  • United Hospital Center, Inc.
  • Wheeling Hospital, Inc.
  • Barnesville Hospital
  • Harrison Community Hospital, Inc.
  • St. Joseph’s Hospital, Inc.
  • Camden-Clark Memorial Hospital
  • Braxton County Memorial Hospital, Inc.
  • Jackson General Hospital
  • Wetzel County Hospital
  • Uniontown Hospital
  • Garrett Regional Medical Center
  • Princeton Community Hospital Association

WVU Medicine said it was not a data breach of any WVU Medicine system but added the impacted data includes information of certain patients who received radiology services, including name, date of service, and reason and description of service.

Officials said the breach occurred on May 28-29, 2023.

Patients who received a letter or are concerned about their data are asked to review their accounts and credit reports for suspicious activity.

Anyone who believes their personal information has been misused is asked to contact the Federal Trade Commission at 1-877-438-4338 or West Virginia Attorney General Patrick Morrisey at 1-800-368-8808.