Louisville, Ky.-based UofL Health confirmed that it has been affected by the data breach on popular file transfer tool MOVEit, which has affected millions of people across a variety of industries.
On June 1, the health system learned that it was one of the organizations affected by the breach on MOVEit, according to an Aug. 18 press release from the health system.
The breach on MOVEit was started due to a security vulnerability in its software that ransomware group Clop has claimed responsibility for exploiting. MOVEit disclosed the vulnerability on May 31, and it has since been patched.
On June 21, after an investigative review, UofL Health found that the breach caused the hackers to gain access to certain files that contained patients' names, dates of service, dates of birth, patient account numbers, member ID numbers, Social Security numbers and addresses.
The health system did not mention how many patients were affected.
UofL Health said it has notified all affected individuals and is providing them with complimentary credit monitoring and identity theft protection services.
Other health systems targeted in the MOVEit breach include Baltimore-based Johns Hopkins Medicine and Bellaire, Texas-based Harris Health System.