Cyber Incident Victim: Ohio State University Veterinary Medical Center

On January 21, 2017, the Ohio State Veterinary Medical Center at Dublin disclosed a security breach involving a malware infection that potentially compromised the personal information of up to 4,611 clients. The malware attack targeted systems containing sensitive client data, including bank account details, credit card numbers, driver’s license information, and Social Security numbers. While the exact timeline of the infection and its duration were not publicly specified, the center confirmed the incident occurred on or around the disclosure date. Affected individuals received notifications about the potential exposure of their confidential information, though officials emphasized no evidence confirmed data exfiltration or unauthorized viewing. The breach exclusively impacted clients of the Dublin veterinary facility, a branch of Ohio State University’s veterinary services, with no indication of wider university system involvement.

In response to the incident, Ohio State University spokesperson Ben Johnson issued a statement assuring clients that forensic investigations found no proof of data theft or misuse. The veterinary center proactively alerted all potentially affected individuals despite this lack of confirmed data compromise, advising vigilance regarding financial accounts and personal information. No specific containment measures, malware removal procedures, or system restoration details were disclosed publicly. The incident highlighted risks to client data within specialized university-affiliated medical facilities, though no subsequent reports of identity theft or fraud directly linked to this breach emerged from available sources. The university did not disclose whether law enforcement was involved or if regulatory agencies were formally notified beyond the client communications.