Spearphishing attack at Medical College of Wisconsin exposes 9.5k patient records

Milwaukee-based Medical College of Wisconsin is notifying 9,500 patients to a potential breach of their sensitive information after some faculty and staff members fell victim to a spear phishing attack targeting their email system, a hospital spokesperson confirmed to Becker's Hospital Review.

An unauthorized third party accessed a limited number of email accounts between July 21 and July 28 belonging to MCW employees, compromising patients protected health information. Patients' names, home addresses, dates of birth, medical record numbers, health insurance information, dates of service, surgical information, diagnosis and condition and treatment information were contained in the email accounts. Social Security numbers and bank account information for a small number of patients were also affected.

After discovering the incident, the hospital disabled the accounts and mandated password changes to those compromised. MCW completed an investigation Sept. 20, but to this date, is not aware of any reports of identity fraud, theft or improper use of the information.

MCW is advising affected patients on best practices to protect their information, including reviewing statements they receive from health insurance providers. It is offering credit monitoring and identity theft restoration services to those whose Social Security numbers were potentially exposed.

More articles on cybersecurity:

Alleged incident at Experian Health exposes at least 700 Cook County Health and Hospitals System patients' information
8 cybersecurity predictions for 2018
7 cybersecurity trends from 2017

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months