Some patient information at Medical College of Wisconsin accessed after phishing attack
-
2:45
’It’s gross and disappointing’: Brady St. chaos includes...
-
2:26
How the Racine County Sheriff’s Office is using AI to catch...
-
2:32
MPS board discusses why 13 schools are being considered for closures...
-
2:40
Milwaukee’s Puerto Rican community stung by racist comments...
-
3:11
Push to limit noncitizen voting on Wisconsin ballots
-
2:53
MPD squad cars involved in multiple crashes in 1 night
-
1:39
’We take care of each other’: Organization provides bikes...
-
1:06
Baldwin, Hovde make final push on campaign trail as Senate race...
-
1:03
New gun violence prevention program coming to Milwaukee County
-
1:03
Early voting update in Milwaukee
-
1:26
Go on an adventure into Wonderland at new Shorewood bookstore
-
3:44
UW Health Chief Quality Officer joins CBS 58 to discuss health...
MILWAUKEE (CBS 58) – The Medical College of Wisconsin has notified certain patients about a recently discovered security incident involving a limited number of MCW employee email accounts.
The hospital learned that a small number of faculty and staff were victims of a spear phishing attack to their email system. MCW promptly disabled the impacted email accounts, required password changes to the compromised accounts, maintained heightened monitoring of the accounts and commenced an investigation.
Since completing the investigation and manual document review, on September 20, MCW concluded that an unauthorized third party accessed a limited number of email accounts belonging to MCW employees that contained patients’ protected health information. The investigation further determined that the compromise of the email accounts occurred between July 21 and July 28, 2017, but the forensic firm could not definitively conclude if any information was actually accessed, viewed, downloaded or otherwise acquired by the unauthorized user.
Patient information dealing with names, home addresses, dates of birth, medical record numbers, health insurance information, dates of service, surgical information, diagnosis/condition, and/or treatment information could have been accessed. Social Security numbers and bank account information for a very small number of patients were also contained within the affected email accounts.