The Medical College of Wisconsin has mailed letters to about 3,200 patients notifying them about a recently discovered security incident involving an employee's email account.
On July 5, the college noticed unusual activity associated with an employee's email account, according to a news release. Upon discovering the issue, MCW took action to prevent further access and began an investigation. The college retained an independent computer forensic firm to investigate the abnormal activity.
On Aug. 3, the forensic investigation determined that an unauthorized third-party had accessed the email account over three days from July 2-4. The incident did not impact the security of any other MCW email accounts, networks or servers, according to the release.
The email account in question contained full names, dates of birth, home addresses, medical record numbers, and codes or notes related to diagnosis or treatment provided. Also, the Social Security numbers of two patients were included in the email account. No health insurance, credit card, banking or other financial information was contained in the email account.
To date, MCW is not aware of any reports of identity fraud, theft or other harmful activity resulting from the incident. Additionally, there is no forensic evidence concluding that any personal or health information was actually acquired or viewed. MCW will provide credit monitoring as appropriate for the patients whose Social Security numbers were in the email account. There is no action that other patients need to take, according to the release.