Wisconsin Urology Group Notifies Patients of Data Breach Due to Ransomware Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Wisconsin Urology Group Notifies Patients of Data Breach Due to Ransomware Attack

March 23, 2017
by Heather Landi
| Reprints

Wauwatosa, Wis.-based Metropolitan Urology Group has notified its patients of a breach of unsecured patient health information due to a ransomware attack back in November 2016.

According to a statement on the medical group’s website, on January 10th, 2017, Metropolitan Urology Group (MUG) was made aware that a ransomware attack that occurred November 28, 2016 exposed certain patient health information to the hackers who infected two MUG servers with the ransomware virus.

According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) breach portal, the breach affected the protected health information (PHI) of 17,634 individuals, and the breach notification was submitted to OCR on March 10th. The incident was categorized as hacking/IT incident on a network server.

“MUG has been working with a premier, international information technology firm to remove the ransomware virus and is taking steps to ensure that such attacks never occur again. MUG has blocked all traffic from accessing the affected servers,” the medical group stated. Further, the medical group wrote in the statement, “MUG has installed the best firewall protection and secure email system. It is protecting all devices used by MUG employees, and updating its policies and procedures to reflect these technological changes. MUG is also conducting a risk analysis of its information technology system to detect any other vulnerabilities that may exist so it can quickly correct them. Both MUG and its information technology vendor, Digicorp, will be undergoing training on information security.”

The information exposed relates to services provided to patients by MUG between 2003 and 2010 and includes patient first and last name, procedure codes, dates of service, patient account number or patient control number and provider identification number. Less than five patients also had the social security numbers exposed.

The medical group is offering all affected patients free credit monitoring for a year. It has also established a call center to answer questions from patients.

 

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Study will Leverage Connecticut HIE to Help Prevent Suicides

A new study will aim to leverage CTHealthLink, a physician-led health information exchange (HIE) in Connecticut, to help identify the factors leading to suicide and to ultimately help prevent those deaths.

Duke Health First to Achieve HIMSS Stage 7 Rating in Analytics

North Carolina-based Duke Health has become the first U.S. healthcare institution to be awarded the highest honor for analytic capabilities by HIMSS Analytics.

NIH Releases First Dataset from Adolescent Brain Development Study

The National Institutes of Health (NIH) announced the release of the first dataset from the Adolescent Brain Cognitive Development (ABCD) study, which will enable scientists to conduct research on the many factors that influence brain, cognitive, social, and emotional development.

Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.