February 2024 update: A class-action lawsuit related to the Diligent Corporation security incident has been settled. Those whose personal data was affected by the incident will be notified by a postcard from Diligent in February 2024 about how to file for claim benefits.


(January 17, 2023) – UCHealth was recently informed by Diligent Corporation, known as Diligent, a software company focused on providing  business operations tools for UCHealth, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.

Diligent provides hosted services to UCHealth and reported to UCHealth that Diligent’s software was accessed and attachments were downloaded including UCHealth files. Importantly, UCHealth’s systems, including its email and electronic medical record, were not impacted by this incident.

UCHealth values its patients, and protecting their data is a top priority. Though we have no reason to believe the data taken from Diligent’s system went beyond the cybercriminal or was misused in any way, we are sharing this information so patients, employees, and providers may protect themselves by watching for any suspicious activity or possible identity theft. Individuals who may be involved in this incident are being notified per state and federal reporting requirements.

Information potentially affected varied based on the type of attachments downloaded by the cybercriminal and may have included name, address, date of birth and treatment-related information. In very limited cases, Social Security numbers or other financial information may have been involved, as well.

We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’, employees’, and providers’ information.

Diligent says it has taken additional steps to protect data and prevent this type of attack from happening again.

If you have any questions or need additional information regarding this incident, please call (855) 624-6798, Monday through Friday, 7:00 a.m. to 4:30 p.m. MST (excluding major U.S. holidays). Individuals can get information on protecting themselves from identity theft from the notice potentially affected individuals receive in the mail, from the Federal Trade Commission by visiting the Colorado Attorney General’s Stop Fraud website or by calling 877.ID-THEFT (877.438.4338). National credit reporting agencies can be contacted at:

Equifax
1.866.349.5191
www.equifax.com
P.O. Box 740241
Atlanta, GA 30374

Experian
1.888.397.3742
www.experian.com
P.O. Box 2002
Allen, TX 75013

TransUnion
1.800.888.4213
www.transunion.com
P.O. Box 2000
Chester, PA 19016