Westat promptly launched an investigation, with the assistance of cybersecurity professionals, into the nature and scope of the MOVEit vulnerability. On September 28, 2023, Westat sent Prime Healthcare the files of its patients involved, which contained the name and one or more of the following for certain patients: date of birth, address, medical record number, Social Security Number, admission date, and discharge date.
The identified vulnerability on the MOVEit Transfer server has been patched. Westat also reviewed the protocols in place with vendors to help prevent something like this from happening again.z
For eligible individuals whose Social Security numbers may have been involved in the incident, Westat is offering complimentary credit monitoring and identity protection services through Kroll. If you believe you are affected by this incident and did not receive a notice letter by November 17, 2023, please call 1-888-566-8328 Monday through Friday, between 9:00 a.m. to 5:00p.m. Eastern Time (excluding major U.S. holidays).