Wisconsin Patients’ Health Data Exposed After Email Hacking Incident

August 02, 2021 - A Wisconsin urology practice is notifying patients of an email hacking incident that exposed patients' health data.  

The Wisconsin Institute of Urology (WIU) announced on July 30 that a cybercriminal hacked into an employee email account, exposing patients’ protected health information (PHI.)  

WIU, which has four locations in Wisconsin, said in a press release that it “has taken action after becoming aware of unauthorized access to an employee email account.  In an abundance of caution, WIU is providing notice of this event to potentially impacted individuals, as well as certain regulators.  While WIU is unaware of any fraudulent misuse of data related to this incident, it has shared this information with potentially impacted individuals in an abundance of caution.” 

On May 26, the practice became aware of suspicious activity related to the employee’s email account, according to the press release.  

“Upon discovery, WIU immediately changed the impacted employee's password and launched an investigation into the nature and scope of the incident,” the release states. “On or about June 9, 2021, WIU confirmed that the employee's email account (was) accessed by an unauthorized actor.”  

“WIU then promptly undertook a thorough and time intensive review of the data to determine the individuals whose information was at risk, and then worked quickly to identify accurate address information to provide this written notification to all potentially impacted individuals,” the release notes.  

The cyberattack impacted patients’ information, including dates of birth, medical treatments, medical diagnoses, and health insurance information.  

“Any individuals whose Social Security numbers may have been impacted are receiving written correspondence via US Mail,” the release notes. “Again, WIU is unaware of any fraudulent misuse of data related to this incident.” 

WIU is recommending that all impacted individuals review their account statements and monitor their credit reports. 

"The confidentiality, privacy, and security of its information are among its highest priorities, and WIU takes this incident very seriously,” it stated. “In response to this incident, WIU moved swiftly to confirm the security of its internal systems and to secure its email environment. As part of its response to this event, WIU provided notifications to state and federal regulators as required. 

WIU set up a call center to answer questions and concerns related to the data breach. Patients can call 877-653-0549 Monday through Friday, 8:00 am to 10:00 pm, CST and weekends from 10:00 am to 7:00 pm CST.