FAYETTEVILLE, N.C. (WNCN) – It’s a data breach that goes back more than two years.

Personal information such as insurance, patients’ demographics, and hospital visits are among the information stolen from 1,943 Cape Fear Valley Health patients.

The breach involved a third-party software company, MOVEit Transfer, used by Westat, Inc. Westat manages medical records for Cape Fear Valley Medical Center and other clinics.

According to Cape Fear Valley Health, almost the entirety of this breach was for records with dates of service between Feb. 2022 and May 2023. One patient’s data was from an Aug. 25, 2021 doctor’s visit.

“Cape Fear Valley Health takes patient privacy very seriously and continuously implements measures to safeguard patient data,” a statement from Cape Fear Valley Health said.

Cape Fear Valley Health is encouraging any concerned patients to call Westat’s toll-free number, (888) 998-8671. Patients whose data was involved in the breach will be contacted by Westat via mail and are eligible to receive free credit monitoring and identity restoration services to ensure their privacy and security.

“Westat is unaware of any misuse of individual information and is providing this notice out of an abundance of caution. Westat notified governmental agency partners and data owners and is now providing notification to impacted individuals at the direction of certain data owners. Westat also notified federal law enforcement, the U.S. Department of Health and Human Services and other regulators, as required. Westat takes the incident and security of personal information in its care seriously. Since discovering this incident, Westat conducted an extensive investigation, working with third-party specialists to assess the security of relevant systems and reduce the likelihood of a similar future incident,” Kelly Kennedy with Westat said in a statement.