9500 patient’s information has been exposed in a phishing attack to a Medical College of Wisconsin. The attackers got access to the email account of employees working in the college that contained PHI of patients and other sensitive information of faculty members. The type of information available was names, medical record no., DOB, details of health insurances, the names, surgical information, service date, information about treatment and medical diagnosis. A few patients also have their financial information and Social Security nos.
This instance happened during a week between 21st July and 28th July when the employees of the Medical College received phishing emails. Answering those emails caused the attackers to access all the sensitive information available in the mailbox. Medical College of Wisconsin contacted computer forensics organization to make an investigation of the attack. According to that investigation, illegal people got access to the email accounts of the employees. Moreover, it was not found either PHI has been viewed, accessed or stolen. They did not receive any report for data misuse.
In order to protect the people from the identity fraud and theft, identity theft security services and financial monitoring services has been offered to the affected people without any cost. This offer was only made for the people who lost the information about the Social Security Numbers.
According to Medical College of Wisconsin’s report the attack affected the faculty members and patients of Medical College of Wisconsin and even the patients of Children’s Hospital of Wisconsin and Froedtert also got affected due to the issue. Previously, the last phishing attack on Medical College of Wisconsin happened right after 10 months of previous exposure of 32oo patient’s PHI.