Cyber Incident Victim: University of Wisconsin Health

Date: Mar 2017

Location: United States of America

Summary

An unauthorized individual gained access to an employee's email credentials at UW Health, compromising information for 2,036 patients. The breach exposed personal and medical details including names, addresses, dates of birth, medical histories, treatment dates, provider names, visit reasons, medications, diagnostic results, and social histories, though financial data, Social Security numbers, insurance details, and medical records remained unaffected. The organization disabled the compromised account, initiated an investigation, and notified impacted individuals via mailed letters while establishing a dedicated call center for inquiries.

Description

On March 16, 2017, an unauthorized individual gained access to a University of Wisconsin Health employee's email account by compromising the employee's credentials. The breach remained undetected until March 28, 2017, when UW Health security personnel identified the intrusion. Upon discovery, UW Health immediately disabled the compromised account and reset the associated password to prevent further unauthorized access. The organization initiated a forensic investigation to determine the scope and nature of the incident. This investigation revealed that certain emails within the breached account contained protected health information (PHI) belonging to 2,036 patients. The exposed data fields included patient names, physical addresses, dates of birth, dates of medical service, treating providers' names, reasons for clinical visits, medical histories, diagnosed conditions, prescribed medications, diagnostic test results, and social history details.

The compromised information did not include more sensitive financial or identity verification elements such as Social Security numbers, credit card information, health insurance policy numbers, or other banking details. UW Health confirmed that electronic medical record systems remained unaffected by the breach, with exposure limited exclusively to contents within the hijacked email account. Between May and June 2017, the organization mailed individualized notification letters to all 2,036 impacted patients, providing details about the breach and guidance on potential next steps. For patients who did not receive notification letters by June 8, 2017, or who required additional clarification, UW Health established a dedicated call center operational Monday through Friday from 1:00 AM to 8:00 PM Central Time at 1-888-742-9174. The investigation concluded without public disclosure of the attacker's identity, motives, or methods beyond the confirmed credential compromise, and UW Health implemented unspecified internal security enhancements following the incident.
