DALLAS — Patient data at UT Southwestern Medical Center, including social security numbers for some, was stolen in a cyberattack on the Dallas hospital's software, officials announced Thursday.
The hospital was notified on May 30 that two days earlier, on May 28, "an unknown individual exploited a previously unidentified vulnerability within the software," allowing them to access files stored on the hospital's MOVEit server.
The hospital's privacy office confirmed that some protected health information was stolen as a result of the attack. The information included patient data that could have included name, medical record number, date of birth, name of medication, dosage of medication and prescribing provider.
A smaller number of patients could have had their social security number accessed, the hospital confirmed.
UT Southwestern officials said they were among many organizations across the country that were hit with the cyberattack that targeted MOVEit software.
Hospital officials said they are in the process of contacting impacted patients through the mail with details on what was stolen.
The total number of patients impacted was not available.
"Once the attack was detected, UT Southwestern immediately took steps to secure systems and networks and limit the amount of information housed within its MOVEit server," hospital officials said in a release.
UT Southwestern officials said they haven't been notified that the stolen data is being used "in a malicious manner."
"We deeply regret the occurrence of this incident and any worry, distress, or difficulty that it may cause you," the hospital officials said in their statement.