Wisconsin Urology Group Notifies Patients of Data Breach Due to Ransomware Attack

March 23, 2017
Wauwatosa, Wis.-based Metropolitan Urology Group has notified its patients of a breach of unsecured patient health information due to a ransomware attack back in November 2016.

Wauwatosa, Wis.-based Metropolitan Urology Group has notified its patients of a breach of unsecured patient health information due to a ransomware attack back in November 2016.

According to a statement on the medical group’s website, on January 10th, 2017, Metropolitan Urology Group (MUG) was made aware that a ransomware attack that occurred November 28, 2016 exposed certain patient health information to the hackers who infected two MUG servers with the ransomware virus.

According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) breach portal, the breach affected the protected health information (PHI) of 17,634 individuals, and the breach notification was submitted to OCR on March 10th. The incident was categorized as hacking/IT incident on a network server.

“MUG has been working with a premier, international information technology firm to remove the ransomware virus and is taking steps to ensure that such attacks never occur again. MUG has blocked all traffic from accessing the affected servers,” the medical group stated. Further, the medical group wrote in the statement, “MUG has installed the best firewall protection and secure email system. It is protecting all devices used by MUG employees, and updating its policies and procedures to reflect these technological changes. MUG is also conducting a risk analysis of its information technology system to detect any other vulnerabilities that may exist so it can quickly correct them. Both MUG and its information technology vendor, Digicorp, will be undergoing training on information security.”

The information exposed relates to services provided to patients by MUG between 2003 and 2010 and includes patient first and last name, procedure codes, dates of service, patient account number or patient control number and provider identification number. Less than five patients also had the social security numbers exposed.

The medical group is offering all affected patients free credit monitoring for a year. It has also established a call center to answer questions from patients.

Sponsored Recommendations

Elevating Clinical Performance and Financial Outcomes with Virtual Care Management

Transform healthcare delivery with Virtual Care Management (VCM) solutions, enabling proactive, continuous patient engagement to close care gaps, improve outcomes, and boost operational...

Examining AI Adoption + ROI in Healthcare Payments

Maximize healthcare payments with AI - today + tomorrow

Addressing Revenue Leakage in Hospitals

Learn how ReadySet Surgical helps hospitals stop the loss of earned money because of billing inefficiencies, processing and coding of surgical instruments. And helps reduce surgical...

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...