As part of our ongoing response to the data privacy event that was first identified and self-reported to the government in November 2023, UNOS issued letters to individuals whose personal information was present in the affected IT environment when the event was discovered, and as part of our efforts to provide transparency and access to information, we posted a public notice on our website today.
After a thorough investigation, we have determined that this was not a data breach. There is no evidence that anyone’s data was misused, and only known, authorized system users had access to the IT environment. For more information about our investigation and response, please see this update published on our website in December 2023.
We have worked closely with the Health Resources and Services Administration (HRSA) throughout all stages of our response. HRSA requested that we formally notify in writing individuals whose sensitive information was inadvertently released to authorized system users, and in mid-August HRSA approved our notification plan and materials.
Notification letters were mailed this week to individuals whose information was present in the affected IT environments when this incident became known. Below is the full notice issued today:
Privacy Event Announcement
