Almost 18k records exposed in Metropolitan Urology Group ransomware attack

  • Small
  • Medium
  • Large

Wauwatosa, Wis.-based Metropolitan Urology Group notified patients of a breach of protected health information, including patient names, procedure codes and dates of service. Fewer than five patients also had their Social Security numbers exposed.

A ransomware attack infected two Metropolitan Urology Group servers on Nov. 28, 2016. On Jan. 10, the group learned the attack exposed some patient health information to the hackers. The information encompassed 17,634 patients who received services between 2003 and 2010, according to HIPAA Journal.

To remedy this issue, Metropolitan Urology Group worked with an IT firm to remove the ransomware virus, installed firewall protection and established a secure email system. The group is also planning to conduct a risk analysis of its IT system to detect other vulnerabilities.

"Unfortunately, data breaches are becoming more and more commonplace in the marketplace," Steve Lyons, spokesperson for Metropolitan Urology Group, told Becker's Hospital Review via phone. "We've done everything in our power to make sure it doesn't happen again. We've been transparent — and we've taken pride in that — we've contacted all of our clients and former clients, and we've let them know of the data breach."

"We've tried to be a good steward," he added. "We're working with our clients and former clients to make sure that they're satisfied with our actions."

Metropolitan Urology Group also set up a call center to answer patient questions and is offering all impacted patients free credit monitoring services for a year.

Click here to read the Metropolitan Urology Group release.

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars