434.924.3627
Online Appointments

Use our form

Visitor Information

434.924.3627

Make an Appointment

434.243.3675

Patient Services
CSE Search Patients
Home > Privacy Notice for UVA Health System Patients

Privacy Notice for UVA Health System Patients

University of Virginia Health System is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

On December 23, 2017, we learned that an unauthorized third party may have been able to view patient information on a UVA Health System physician’s laptop computer and other devices from May 3, 2015, to December 27, 2016. We have been working with the FBI in its investigation and conducted an internal investigation. The investigations determined that the UVA Health System physician’s devices were infected with malicious software that allowed the third party to see what the physician was viewing on his devices at the same time. During this time period, the physician would conduct UVA Health System business from his devices, which included accessing medical records and other documents containing patient information. The investigations could not rule out that the third party may have been able to view some patient information, which may have included patients’ names, diagnoses, treatment information, dates of birth and addresses. Patients’ Social Security numbers and financial information were not viewable. We continue to cooperate with the FBI in its investigation.

The FBI has advised us that the third party, who has been arrested, did not take, use or share patients’ information in any way. However, as a precaution, we mailed letters to affected patients on Feb. 21, 2018. We also opened a dedicated call center for patients with questions. To reach the call center, please call 866.291.7429 between 9 a.m. and 5 p.m. Eastern Time, Monday through Friday. We recommend that affected patients review the statements received from their health insurer. If there are charges for services the patient did not receive, please contact the insurer immediately.

We are sorry this happened and regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we are enhancing the security measures required to remotely access UVA Health System information.