Medical College of Wisconsin

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Medical College of Wisconsin (MCW) experienced a data security incident involving a third-party vendor’s security vulnerability in the MOVEit Transfer solution, which MCW uses. The incident was discovered on or about September 21, 2023, when it was found that files potentially removed by an unauthorized party around May 27, 2023, contained personal information. This information included full names, dates of birth, Social Security numbers, driver’s license/government identification numbers, financial account information, medical record/patient account numbers, medical diagnosis/treatment information, medical provider names, lab results, prescription information, and health insurance information[1].

MCW has stated that there is no evidence that the personal information has been or will be misused as a direct result of this incident. Nonetheless, MCW notified individuals whose information may have been included in the files potentially removed by the unauthorized party and provided them with best practices to protect their information. Additionally, individuals whose Social Security numbers were included in the impacted files were offered complimentary credit monitoring services[1].

MCW has taken steps to mitigate and assess the scope of the information potentially compromised and has engaged third-party professionals to assist in the investigation and remediation of the vulnerability. They have also committed to maintaining the privacy of personal information and continually evaluate and modify their practices to enhance the security and privacy of the information they maintain[1].

For those seeking more information or to determine if they are impacted, MCW established a dedicated toll-free response line[1].

A class action lawsuit is currently being filed against MCW due to the data breach, and individuals who received a data breach notification letter can contact legal representatives to learn more about the lawsuit and if they are eligible to take legal action[7].

Citations:

  1. https://www.mcw.edu/newsroom/news-articles/medical-college-of-wisconsin-provides-notice-of-data-security-incident
  2. https://www.mcw.edu/about-mcw/terms-and-privacy
  3. https://patch.com/wisconsin/across-wi/data-hack-impacts-local-patients
  4. https://privacyrights.org/data-breaches/medical-college-wisconsin-1
  5. https://datcp.wi.gov/Pages/Programs_Services/DataBreachArchive.aspx
  6. https://healthitsecurity.com/news/phi-of-9.5k-possibly-compromised-in-wi-healthcare-phishing-attack
  7. https://www.thelyonfirm.com/blog/medical-college-of-wisconsin-data-breach/
  8. https://www.mcw.edu/-/media/MCW/About-MCW/Annual-Report/Medical-College-of-Wisconsin-Inc-Fiscal-Year-2023-Audit-Report.pdf
  9. https://www.idstrong.com/data-breaches/medical-college-of-wisconsin-breach/
  10. https://www.wisbar.org/NewsPublications/WisconsinLawyer/Pages/Article.aspx?ArticleID=29982&Issue=8&Volume=96
  11. https://wislawjournal.com/2023/10/11/froedtert-planned-parenthood-marqutte-blackbaud-data-breach/
  12. https://www.classaction.org/data-breach-lawsuits/medical-college-of-wisconsin-november-2023
  13. https://www.mcw.edu
  14. https://casetext.com/case/ntl-processing-v-medical-college-wi
Breach Submission Date Nov 14, 2023
Converted Entity Name Medical College of Wisconsin
Converted Entity Type Healthcare Provider
State WI
Individuals Affected 240,667
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes