Cyber Incident Victim: Medical College of Wisconsin

In July 2017, the Medical College of Wisconsin experienced a data breach involving unauthorized access to its email system through a targeted phishing attack. The incident compromised email accounts containing protected health information and personal data of approximately 9,500 patients. Exposed information included patient names, home addresses, dates of birth, medical record numbers, health insurance details, dates of service, surgical information, diagnoses, medical conditions, and treatment records. The institution discovered the breach during its security monitoring processes, though the exact timeline from intrusion detection to containment wasn't publicly specified. Medical College officials initiated an internal investigation to determine the scope of compromised accounts and affected individuals. Forensic analysis confirmed that the attackers gained access through deceptive email communications designed to harvest legitimate credentials.

The Medical College formally notified all affected patients on November 17, 2017, approximately four months after detecting the incident. Notification letters detailed the types of exposed information and offered complimentary credit monitoring services through Experian's IdentityWorks program. While the breach didn't compromise Social Security numbers or financial account details, the exposed health information carried significant privacy risks under HIPAA regulations. The institution reinforced email security protocols following the incident but didn't disclose specific technical countermeasures implemented. No evidence suggested actual misuse of patient data at the time of notification. The college coordinated with cybersecurity experts to enhance staff training against phishing attempts and reviewed its existing data protection measures in response to the breach. Affected individuals were advised to review statements from their healthcare providers and insurers for any irregularities.