Metropolitan Urology Ransomware Attack Affects 18K Patients

A recent ransomware attack may have exposed the information of patients who received services at a facility between 2003 and 2010.

By Elizabeth Snell

Wisconsin-based Metropolitan Urology Group (MUG) recently notified patients that it had experienced a ransomware attack on November 28, 2016.

MUG explained in a statement on its website that it became aware of the incident on January 10, 2017.

Hackers reportedly infected two MUG servers, potentially exposing data related to services provided to patients by MUG between 2003 and 2010. This includes first and last names, procedure codes, dates of services, patient account number or patient control number, and provider identification number. MUG added that fewer than five patients also had their Social Security numbers exposed.

The healthcare organization said it has been working with a technology firm to remove the ransomware virus and is also working to ensure that these types of attacks do not happen again.

“MUG has blocked all traffic from accessing the affected servers,” the statement read. “It has installed the best firewall protection and secure email system. It is protecting all devices used by MUG employees, and updating its policies and procedures to reflect these technological changes.”

MUG said it is also conducting a risk analysis “to detect any other vulnerabilities that may exist so it can quickly correct them.” MUG employees, as well as those at its IT vendor, will undergo information security training.

Potentially affected patients will be offered free credit monitoring services for one year, the organization stated.

While MUG did not specify how many individuals were possibly affected, the OCR data breach reporting tool states that 17,634 were likely impacted.

Healthcare ransomware attacks can be especially devastating, as patient information could be exposed and patient care may also be impacted.

Summit Reinsurance Services, Inc. fell victim to a ransomware attack toward the end of 2016, which in turn affected several providers that work with the third-party vendor. For example, Louisiana Health Cooperative, Inc. in Rehabilitation (LAHC) announced that certain policyholders, members and subscribers may have been affected by the incident.

The affected server may have contained one or more of the following: member names, provider names, Social Security numbers, and health insurance information. Certain claim-focused medical records containing information such as diagnosis/clinical information that Summit uses as part of its stop-loss and reinsurance underwriting and consulting services may also have been involved.

In that case, approximately 8,000 individuals were affected.

Summit also notified Alliant Health Plans, Inc. that some of its information may have been exposed in the server attack, impacting over 1,000 Alliant members.

The exposed information included Social Security numbers, health insurance information, and claim-focused medical records.

Summit said at the time that it was updating its policies, procedures, and protections for member information, among other precautionary measures to prevent similar incidents from happening in the future. 

Recently, Summit announced that an unauthorized user accessed its server around March 13, 2016.

“To date, Summit has no direct evidence that data from the affected server has been used inappropriately,” Summit said in its statement. “Nevertheless, in an abundance of caution, Summit, on behalf of certain affected health plans and self-funded employer groups, is notifying affected individuals of this incident.”

