Charlottesville, VA (WHSV)-- The University of Virginia Health System is alerting 1,882 patients that an unauthorized third party may have been able to see their private health information on a physicians laptop computer or other devices.
According to a release, the breach happened between May 3, 2015 and December 27, 2016. UVA Health System learned about the incident on December 23, 2017.
UVA has been working with the FBI on its investigation and conducting an internal investigation. So far, the investigation determined the physician's devices were infected with malicious software that allowed the third party to see what the physician was looking at on his devices at the same time.
Investigators could not rule out that the third party may have been able to see patient information, such as names, diagnoses, treatments, addresses and dates of birth.
According to the release, patient Social Security numbers and financial information were not viewable.
The FBI said the third party was arrested and did not take, use or share patient information in any way.
UVA Health is also providing a dedicated call center for affected patients, which is available Monday through Friday from 9 a.m. to 5 p.m. at (866) 291-7429.
The health system recommends patients review their statements from their insurance providers and contact their insurer immediately if there are charges for services they did not receive.
Security measures have now been enhanced for remote access to patient information to help prevent a similar occurrence in the future.