As part of our ongoing response to a data privacy event first identified and self-reported to the government in November 2023, UNOS has issued letters to individuals whose personal information was present in the affected IT environments when the event was discovered. In an effort to provide transparency and access to information, today we have posted public notice on our website.
An extensive investigation determined that this was not a data breach: there is no evidence of the misuse of anyone’s data, and the only individuals who had access to the IT environments were known, authorized system users. More information about the investigation and response can be found in this update published on our website in December 2023.
We have closely coordinated with the Health Resources and Services Administration (HRSA) at all stages of our response. HRSA requested that we formally notify in writing those individuals whose confidential information was inadvertently visible to authorized system users and, in mid-August, HRSA approved our notification plan and materials.
Notification letters were mailed this week to individuals whose information was present in the relevant IT environments when the event was discovered. Below is the complete public notice issued today.