Wednesday, April 17, 2024 Apr 17, 2024
84° F Dallas, TX

UT Southwestern One of 400 Organizations Hit by International Data Breach

Russian-based hackers have stolen data from more than 400 organizations around the world, likely impacting more than 20 million people.

Protected health information and patient social security numbers were stolen from UT Southwestern as a part of an international hacking incident that impacted more than 400 organizations worldwide.

UTSW confirmed that in late May, a Russian group called Clop took credit for breaching their data by attacking the university’s use of managed file transfer software MOVEit. Shell, the U.S. Department of Energy, American Airlines, and other large organizations were also hacked in May before MOVEit identified the weakness and stopped the breach, resulting in more than 20 million people in two dozen countries whose personal data was stolen.

UTSW says that Clop stole patients’ names, medical record numbers, date of birth, name of medication, medication dosage, prescribing provider, and Social Security information was stolen from some patients for a smaller group of people. When it was notified on May 28 about the breach, the university said it took steps to secure its networks and limit the info stored in the MOVEit software. Massachusetts-based MOVEit said it stopped the breach on May 31.

The university said it is in the process of identifying patients with personalized messages about what data was stolen as it monitors for future suspicious activity. But receiving a message doesn’t mean one’s data was stolen, and UTSW says it has no indication that stolen information has been used maliciously.

“We deeply regret the occurrence of this incident and any worry, distress, or difficulty that it may cause you, “a statement from UTSW reads. “We want to reassure you that the protection of all UT Southwestern data is a top institutional priority and that this incident is being handled in accordance with UTSW policies and related regulations.”

UTSW is not alone when it comes to North Texas healthcare data breaches. Medical City Healthcare’s parent company was the victim of a hack earlier this month, when 27 million records were stolen and put up for sale on the dark web. The City of Dallas and Dallas County Appraisal District have also been victims of data breaches this year.

Matthew Yarbrough is a cybersecurity lawyer for Michelman & Robinson and a former federal prosecutor. He says that information like name and address are less valuable than social security information on the dark web, where it is often sold via an intermediary. “Social Security Numbers, driver’s license numbers, email addresses, credit card numbers, banking and financial information, and passwords are the holy grail of what you want,” he says.

UTSW did not specify how much data was stolen, if a ransom was involved, how many patients were affected, or if it will continue to work with MOVEit in the future. For more information about the UTSW data breach and information about where to ask follow \-up questions, go here.


Will Maddox

Will Maddox

View Profile
Will is the senior writer for D CEO magazine and the editor of D CEO Healthcare. He's written about healthcare…

Related Articles


Yendo Is Revolutionizing Lending With a Vehicle Equity-secured Credit Card

Yendo has thousands of cardholders across 23 states, and by the time 2024 ends, the local startup will have its product in all 50 states, says CEO Jordan Miller.
Robot truck driving

Robot Trucks Are Among Us

Dallas is the nation's hub of autonomous tractor-trailor testing thanks to good weather and high freight traffic.

How a DFW College Student Is Building a Multimillion-dollar Restaurant Marketing Platform 

Anisha Holla, a 21-year-old UTD student, has built FoodiFy, a dating app for restaurant owners and influencers. She already boasts 25 local restaurant clients.