February 2024 update: A class-action lawsuit related to the Diligent Corporation security incident has been settled. Those whose personal data was affected by the incident will be notified by a postcard from Diligent in February 2024 about how to file for claim benefits.
UCHealth was recently informed by Diligent Corporation, a software company that provides business operations tools for UCHealth and other organizations, that Diligent experienced a security incident that impacted data held by Diligent on its servers. Some of UCHealth’s patient, provider or employee data may have been included in this incident.
Diligent provides hosted services to UCHealth and reported that Diligent’s software was accessed, and attachments were downloaded including UCHealth files.
Importantly, UCHealth’s systems, including its electronic medical record, were not impacted by this incident.
UCHealth values its patients, employees and providers, and protecting their data is a top priority. Though we have no reason to believe the person who took the data from Diligent’s system shared or misused it in any way, we are sharing this security incident so individuals may protect themselves by watching for any suspicious activity or possible identity theft. Individuals who may be involved are being notified per state and federal reporting requirements.
Information involved varied based on the type of attachments downloaded by the cybercriminal and may have included name, address, date of birth and treatment-related information. In very limited cases, Social Security numbers and financial information, such as banking information, may have been involved.
We apologize for the concern and inconvenience this data breach may cause, and we remain committed to safeguarding our patients’, employees’ and providers’ information.
Diligent says it has taken additional steps to protect its data and prevent this type of attack from happening again.
Additional information is available on UCHealth’s website. Individuals can get information on protecting themselves from identity theft from the notice potentially involved individuals receive in the mail, from the Federal Trade Commission, by visiting the Colorado Attorney General’s Stop Fraud website, or by calling 877.ID-THEFT (877.438.4338). National credit reporting agencies can be contacted at:
P.O. Box 740241
Atlanta, GA 30374
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016