Event Report

Base data

Event code PS-CYA/05571/USA
Main category Public Security Event
Sub category cyber activity
Event date (UTC) Fri, 20 Oct 2023 10:11:53 +0000
Last update (UTC) Fri, 20 Oct 2023 10:11:53 +0000

Geolocation

Continent North-America
Country USA
Administration area State of North Carolina
Settlement Fayetteville
Exact location Cape Fear Valley Health
Open Location Code: 877323J8+JH
Size of affected area Local event
Additional events -

Common Alerting Protocol Information

Urgency Past
Certainty Observed
Severity Extreme
Category Security

Event details

A data breach has affected some patients at Fayetteville-based Cape Fear Valley Health, the hospital system said on Tuesday. Private information about the patients appears to have been copied without authorization in May, according to a notice from research services company Westat Inc. which was handling the patient data. Cape Fear Valley Health has hospitals and other medical services offices in Cumberland, Hoke, and Bladen Counties. Its major facilities are Cape Fear Valley Medical Center in Fayetteville, Highsmith-Rainey Specialty Hospital in Fayetteville, Cape Fear Bladen County Hospital in Elizabethtown, and Hoke Hospital in Hoke County. The breach involves about 1,943 patients, said Chaka Jordan, vice president of marketing and communications at Cape Fear Valley Health. “Almost the entirety of our portion of the breach was for records with dates of service between February 2022 and May 2023,” she said. “One patient’s data was from an Aug. 25, 2021, date of service.” Jordan said the breach involves “data related to some of our patients’ demographics, insurance information, and hospital visits.” The Westat notice says, “The types of personal information that may have been copied by the unauthorized actor include: name, address, date of birth, sex, date of service, provider, diagnosis, payer, and other information from claims.” Patients can learn more about the breach by contacting Westat by phone or by letter.

Patients may call 888-998-8671, between 9 a.m. and 9 p.m. EST, Monday through Friday. They can write to Westat, Attn: Kathy Chimes, at 1600 Research Boulevard, Rockville, MD 20850. “Although Westat is unaware of the misuse of any personal information impacted by this incident, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity,“ Westat’s notice says. “Any suspicious activity should be reported to the appropriate insurance company, health care provider, or financial institution.” Westat said it was using a software tool called MOVEit Transfer, from a company called Progress, to manage the data. Westat on May 30 “detected unusual activity occurring in its MOVEit instance,” the Westat notice said, and on May 31, Progress announced there was a security flaw in its MOVEit Transfer software. Westat then reviewed what happened with its data. “The investigation determined that certain data stored on the MOVEit server may have been copied without authorization between May 28 and May 29, 2023,” Westat said.

Less trusted : Information from a verified source, but false information is possible

Situation update

Casualties

Number of dead: 0 person(s)
Number of injured: 0 person(s)
Number of Affected: 0 person(s)
Number of Rescued/evacuated: 0 person(s)
Number of Missing: 0 person(s)
Number of Infected: 0 person(s)

Event Specific Details


[Public Security Event - cyber activity]

Overview map


Population map

Red circle 10 km, Orange circle 25 km, Yellow circle 50 km

Risk Analisys

Nearest marine ports There is no known marine port nearby.
Nearest airports There is no known marine port nearby.
Nearest nuclear power plant There is no known nuclear power plant nearby.

Country Information

Code2US
CodeUSA
NameUnited States
LocalNameUnited States
GovernmentFormFederal Republic
ContinentNorth America
RegionNorth America
SurfaceArea9363520.00
IndepYear1776
Population278357000
LifeExpectancy77.1
GNP8510700.00
GNPOld8110900.00
Capital3813
2 year(s) ago