Confidential information of 9,500 patients at the Medical College of Wisconsin compromised

Confidential medical information or other personal data of 9,500 patients at the Medical College of Wisconsin was compromised by a targeted attack on the school’s email system in July, the Medical College said Friday.

The compromised email accounts contained one or more of the following types of information: patients’ names, home addresses, dates of birth, medical record numbers, health insurance information, dates of service, surgical information, diagnosis or medical condition, and treatment information.

Social Security numbers of 34 patients and the bank account information of one patient were in the affected email accounts, the Medical College said.

The Medical College said it has notified the patients of the security breach.

The information was compromised when the email accounts of a limited number of Medical College employees were targeted in what is known as a "spear phishing" attack — an email sent to a specific person or small number of people in an organization to avoid detection.

The Medical College hired a computer forensic firm to analyze the extent of the breach.

The investigation, completed on Sept. 20, could not determine definitively if any information was accessed by an unauthorized user, the Medical College said in its statement.

The Medical College recommended that affected patients review the statements that they receive from their health insurers.

It also said that credit monitoring and identity theft services have been provided to the patients whose Social Security numbers may have been compromised.

The medical school has set up a dedicated toll-free response line that patients can call to get additional information: (844) 666-7416, Monday through Friday, from 8 a.m. to 8 p.m.

Patients also can visit www.mcw.edu for additional information.