Medical College of Wisconsin Phishing Attack May Affect Almost 10,500 People

by | Nov 27, 2017

A phishing attack at the Medical College of Wisconsin has lead to the exposure of approximately 9,500 patients’ protected health information. The hackers gained access to the email accounts of staff member, which included a range of private information regarding patients and some faculty employees.

The sort of information in the accessed email accounts included names, addresses, medical record numbers, birth dates, health insurance details, medical histories, treatment details, surgical information, and dates of service. A very limited number of individuals also had their Social Security numbers and bank account information exposed.

The incident occurred over week of July 21-28 2017 when spear phishing emails were broadcast to specific people at the Medical College of Wisconsin. Answering to those emails lead to the attackers gaining access to email login details.

The educational institution contracted in a computer forensics firm to conduct an investigation into the phishing campaign, and while that investigation found that access to the email accounts was gained by unauthorized individuals, it was not possible to rule whether emails containing protected health information had been accessed or seen, or if any sensitive information was taken. Since the cyberattack happened, no reports of illegal use of patient information have been received.

To safeguard individuals from identity theft and fraud, credit monitoring and identity theft restoration services have been offered to breach victims free of charge, but just to those people whose Social Security numbers were taken.

Medical College of Wisconsin remarked that along with some faculty staff and Medical College of Wisconsin patients, some individuals who were provided with treatment at Children’s Hospital of Wisconsin and Froedtert Health have also been harmed by the breach.

The latest Medical College of Wisconsin phishing attack comes roughly 10 months after a similar attack lead to the exposure of 3,200 patients’ protected health information by unauthorized people.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy