MORGANTOWN, W.Va. — West Virginia University has advised the campus community that a data breach has occurred, but officials said only a limited number of people and their personal information were compromised.
Officials learned last Nov. 25 that a development webpage launched in December of 2021 contained the information that was then available to the public. As of Nov. 28, 2022, all of the information had been scrubbed from public view.
According to WVU’s chief information officer, Brice Knotts, an investigation determined patient file names were accessible and downloaded by outside parties. The investigation also established that no social security numbers, financial information, birth dates, passwords, addresses, or account numbers were released.
“It was part of a development community,” Knotts said. “When it was configured to be publicly facing, any member of that development community could have downloaded that information, so it’s not possible to identify specific individuals.”
The information that was compromised included the patient’s last name, medical procedure or treatment name, and potential exposure to disease.
Officials clarified that only the file name and not the content of the patient’s medical record were released. Actual medical records are kept on an encrypted file server only accessible by authorized personnel.
“The information that was disclosed was just a file name, not the actual file; it’s important to recognize that,” Knotts said. “The patient’s actual medical record was not released.”
Even though officials believe none of the information has been misused, additional resources and instructions for safeguarding information are being offered to the victims.
“As always, we would advise people to monitor their accounts just to make sure none of their information is being misused,” Knotts said.
Knotts also recommended the use of an account password manager application and noted that some credit card companies offer free identification protection services.
“I think if it were me, I would keep an extra eye on my information and make sure it’s not being misused, which is probably a good thing to do as a general practice,” Knotts said.
People with questions or concerns are asked to contact the WVU Health Sciences Risk Management and Privacy Office toll-free at 1-888-825-1401.